JOB TITLE
Security Governance Manager
LEVEL/BAND MS30
DEPARTMENT
Risk
DIRECT REPORT (JOB TITLE) Head of Risk
Overall Purpose of the Position
To champion the implementation of security best practices within the Bank covering the whole security ecosystem – human resources, physical, technology and processes. To determine and execute a comprehensive security assessment programme.
Operational Responsibilities
• Maintains an Integrated Management System security policy suite aligned to, as a minimum, ISO27001 and NIST standards.
• Identifies and manages security partnership agreements so that the Bank is subject to a continuous, independent security assessment regime and its security posture stays aligned to the Bank’s risk appetite statement.
• Implements a security monitoring regime with the aim of capturing security logs across different systems into a consolidated and deterministic solution, to be able to proactively identify potential threats on first indications of occurrence and with the rigour required for independent assessments.
• Builds a digital forensic toolkit including software, processes and data to be able to carry out security investigations as may be required by the Bank’s Management Committee or Board of Directors.
• Articulates a database strategy that implements the four-eyes and segregation of responsibilities principles.
• Leads security awareness campaigns across the Bank including the planning and executing of social engineering exercises.
• To sit on committees and attend meetings when required, taking minutes accordingly.
General Responsibilities
To submit any reports and/or participate in any projects and activities as may be directed from time to time.
To ensure compliance with Bank’s policies, guidelines and underlying procedures at all times.
To perform standard office tasks including processing mail, answering phone calls, ordering supplies and filing.
To perform any other duties that may be reasonably assigned from time to time.
Qualifications, Skills & Competencies
Mandatory
Skill
Strong knowledge of information security principles and practices, to include:
• Strong analytical and problem-solving abilities;
• Strong verbal and written communication skills;
• Strong organizational and multi-tasking skills;
• Team player, reliable, and can work on his/her own initiative.
Experience
Three years of experience in information security.
Qualification
First degree level of education or equivalent specialised training in technical management.
Desirable
Skill
Knowledge of IPS/IDS, packet/traffic analysis and related tools. Be computer literate and conversant in MS Office applications, especially MS Excel.
Experience
- Practical experience in leveraging SIEM solutions.
Qualification
Security certifications (CISA, CISM).
Position level (1 being the highest level)
Head of Department
Managerial & Specialist Positions
Middle Management & Specialist Positions
Technical & Clerical Positions