KEY RESPONSIBILITIES:
-
Cybersecurity Program Development and Enforcement
-
Develop, implement, and monitor the Bank’s cybersecurity program in alignment with industry standards and regulatory requirements.
-
Oversee and implement the Bank’s cyber and technology policy to ensure compliance with regulatory and institutional standards for data protection, cybersecurity controls, and incident response.
-
Regularly review and update the cybersecurity program and policies to reflect the latest threat intelligence, industry trends, and regulatory requirements.
-
Comprehensive Asset and Infrastructure Management
-
Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: Software and hardware asset inventory; Network maps (boundaries, traffic and data flow); and Network utilization and performance data to ensure complete visibility over information resources.
-
Oversee the continuous management of software and hardware asset inventories, network maps, and performance data to prevent unauthorized access and identify vulnerabilities.
-
Implement continuous monitoring and risk-based auditing of information assets and network infrastructure, ensuring a robust security posture across all systems.
-
Alignment with Strategic and Operational Objectives
-
Ensure the Bank’s information systems and cybersecurity initiatives align with business strategies, risk appetite, and ICT risk management policies.
-
Develop and implement user-centric security controls designed to meet the needs of internal users (management and staff) and external stakeholders (contractors, partners, and service providers).
-
Collaborate with executive management to ensure the ICT strategy, including information systems and cybersecurity measures, supports the Bank’s overall business strategy and regulatory obligations.
-
-
Risk Assessment, Incident Detection, and Response
-
Ensure that regular, comprehensive cyber risk assessments are conducted, applying best practice and industry standards to evaluate emerging threats and vulnerabilities in the IT environment.
-
Establish processes for proactive monitoring and timely detection of cyber and technology events or incidents, with a robust incident response plan in place.
-
Regularly update the incident response mechanism and Business Continuity Plan (BCP), incorporating scenario analyses to evaluate potential material cyber-attacks and identify control gaps.
-
Policy Compliance, Exception Management, and Reporting
-
Review and assess risks related to any deviations or exceptions to approved cyber and technology policies, obtaining senior management approval as needed.
-
Reporting to the Executive Leadership and the Board on an agreed interval but not less than once per quarter on the following: Assessment of the confidentiality, integrity and availability of the information systems in the institutions; detailed exceptions to the approved cyber and technology policies and procedures; assessment of the effectiveness of the approved cybersecurity program; and all material cyber and technology events that affected the bank during the period.
-
Ensure prompt periodical reporting to the regulator as required by relevant regulations
-
Regularly re-evaluate exceptions to ensure residual risks remain within acceptable thresholds as determined by the institution and regulatory bodies.
-
Cybersecurity Training and Workforce Development
-
Lead the organization of professional cybersecurity-related training for Bank employees to enhance technical proficiency, ensuring alignment with the best practice standards and regulation.
-
Cultivate an institution-wide cybersecurity culture that promotes awareness and best practices, engaging staff at all levels on the importance of security compliance and vigilance.
-
Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
-
Cybersecurity Monitoring, Incident Detection, and Business Continuity
-
Implement continuous monitoring mechanisms for IT systems to detect cyber incidents promptly and ensure frequent data backups to secure storage for data integrity and accessibility.
-
Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
-
Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
-
Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
-
Ensure frequent data backups of critical IT systems (e.fg. real time back up of changes made to critical data) are carried out to a separate storage location.
-
Data Integrity, Confidentiality, and Availability
-
Safeguard the confidentiality, integrity, and availability of information assets by implementing robust security controls, regularly assessing their effectiveness, and adapting to emerging threats.
-
Manage and lead a team of security professionals. Coach, & mentor team members, ensuring capabilities as a team
MINIMUM POSITION QUALIFICATION REQUIREMENTS
a) Academic and Professional Certifications
|
Detail |
Specific Field or Qualification |
Need Type |
|
Bachelor’s Degree |
Information Security, Computer Science, or a related field. |
Required |
|
Professional Qualifications |
Advanced certifications such as CISSP, CISA, CISM or CRISC are, or equivalent is highly desirable.
Certifications in CCSP, CCNA & SSCP (Familiarity with applicable regulations (e.g. GDPR, ISO 27001, Cyber security guidelines) is a plus |
Required |
|
Master’s Degree |
Information Security, Computer Science, or a related field. |
Added Advantage |
Minimum of 5 Years experience preferably in.
-
Managing high-performing information security teams within a Regulated Financial Institution
-
Design & overseeing security policies, procedures & governance frameworks
-
Familiarity with various network and database monitoring tools.
-
Familiarity with applicable regulations (e.g. GDPR, ISO 27001, Cyber security guidelines)
-
Governance controls and Risk management
-
Deep understanding of cybersecurity principles, frameworks, and banking regulations
-
Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
