Information Technology Risk and Security Manager

  • Full Time
  • Zambia

Absa Group

Bring your possibility to life! Define your career with us

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

Job Summary

The purpose of the role is to identify and significantly reduce the bank's information security and cyber security risk, and to ensure that standards are implemented to protect the organization from security breaches and attacks. The role supports the in-country business on operational issues relating to IT risk, IT security, cyber security and IT governance.

Job Description

People management (20%)

  • Drive and inspire team managers to deliver exceptional performance within their teams.

  • Performs other lawful duties assigned by the line manager.

  • To maintain high levels of professional conduct, including but not limited to: co-operative engagement in tasks set; the exercising of initiative to suggest, through line managers, improvements to the service provided; and clear and professional styles of communication at all times.

  • To manage other activities that may arise through evolution, growth or restructuring.

  • Agree and undertake Performance Reviews for team managers. Identify training gaps and developmental requirements, offer support whilst continuously coaching.

  • In liaison with the Training Manager ensure that training needs identified are delivered for the team. Step in and undertake trainings when required.

  • Identify and develop talent within the team to ensure a robust succession planning.

  • Ensure that team members own and manage customer queries and complaints by taking ownership and resolving in a timely manner. Act as the escalation point for their unresolved queries and complaints.

  • To develop and maintain an excellent working relationship with the CSO office at group level. Assists the CSO team in troubleshooting and resolving escalated IT security incidents, identifies and resolves the root causes of security-related problems, and consults with teams to resolve issues uncovered by internal and third-party monitoring tools.

IT Security and Cyber Security (40%)
  • To be responsible for the coordination of regular Information Security Reviews in the bank and with other departments and the CSO community by conducting assessments of systems, processes and infrastructure and making recommendations to minimize risks identified.

  • To carry out technical vulnerability assessments of IT systems and processes, identify potential vulnerabilities, recommend controls for the risks identified and ensure those controls are implemented. Assesses risk items and potential vulnerabilities in the network, the information technology infrastructure and applications. Performs security monitoring and reporting, including cyber security, analyses security alerts and escalates them to the CSO support teams.

  • Works directly with the users, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. Conducts impact analysis to ensure resources are adequately protected with proper security measures.

  • Assists/performs in-country security assessments and performs security attestations. Participates in security investigations and compliance reviews as requested. Conducts and reports on internal investigations of possible IT security violations.

  • To respond rapidly and effectively to IT security incidents, managing them in a professional manner, including, where possible, computer forensics for evidence gathering and preservation. Appropriate and sensitive handling of affected staff and efficient liaison with external and law enforcement agencies when required.

  • Develops and implements information security strategies, standards and policies across multiple platforms to prevent loss of information through malware, disasters, attackers and cyber-crime.

  • Provides information security awareness training to organization personnel.

  • Communicates information security goals and new programs effectively to other department managers within the organization.

IT Governance (20%)
  • Shall be the point of contact for all IT audits carried out on the department and shall ensure that all audits are satisfactory and that outstanding issues are closed within an acceptable period of time. Coordinates all IT internal and external assessment components, including the gathering of evidence, timely completion of RCAs and ICPs, and responses to audits and risk assessments.

  • To lead by example and provide good security guidance and advice on best practice to service managers, staff at all levels etc.

  • Develops processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.

  • Participates in security planning and analysis activities and works with IT teams to ensure security is engaged in projects. Provides security input to application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.

  • Ensures that change management control procedures are adhered to.

  • Provides strategic and tactical direction and consultation on information security and compliance. Maintains an up-to-date understanding of industry best practices.

  • Develops, refines and implements enterprise-wide security policies, procedures and standards to meet compliance responsibilities. Monitors the legal and regulatory environment for recent developments and recommends required changes to IT risk and security policies and procedures. Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.

IT Risk Management and Control (20%)
  • Responsible for carrying out technology risk assessments by analysing the effectiveness of information security control activities, and reporting on them with actionable recommendations. Monitors risk mitigation and coordinates policy and controls to ensure that other managers in IT are taking effective remediation steps. Manages the oversight of technical risk assessments, such as vulnerability scanning and penetration testing. Participates in the development and maintenance of a global risk framework (a single view of the Bank's risk profiles and tolerance). Captures, maintains and monitors information security risk in one repository.

  • Custodian of the ICT risk register and shall ensure the implementation of relevant IT risk control frameworks.

  • Monitors compliance with security policies, standards, guidelines and procedures. Ensures security compliance with legal and regulatory standards.

  • Interfaces with third-party vendors to evaluate new security products or as part of a security assessment process. Performs assessments of third-party vendors and coordinates the development of information security disaster recovery test plans, testing and documentation for each application. Provides responsive support for problems found during normal working hours as well as outside normal working hours.

  • Provides guidance on business continuity and disaster recovery design and implementation for enterprise-wide disaster recovery management programs, including maturity models, methodologies, sourcing strategies, plans, metrics and scorecards for all components of the programs.

  • Ensures that the risk rating for in-country Technology is satisfactory.

Education

Bachelor’s Degree: Information Technology

To apply for this job please visit absa.wd3.myworkdayjobs.com.