JOB DETAILS:
The Chief Information Security Officer safeguards the Bank’s information by developing, implementing and maintaining a comprehensive information security strategy.
Job Responsibilities
Implement, configure and maintain the Bank’s security controls as per the cyber security policy of the Bank and the regulator.
Install security tools (e.g. firewalls, data encryption) to protect sensitive information.
Monitor the Bank’s compliance with software and hardware licenses and monitor SLAs with both internal and external entities.
Monitor the Bank’s networks and systems for security breaches and investigate violations when they occur.
Run vulnerability checks to confirm that systems are in line with cyber security policies and guidelines.
Research the latest information technology security trends and recommend enhancements to Management.
Participate in the annual review and update of operating procedures to improve control guidance, test procedures and reference documents.
Ensuring the confidentiality, integrity and availability of Bank’s data, systems and infrastructure.
Promoting and implementing IT security awareness in the Bank.
Ensuring compliance with relevant laws, regulations, and industry standards.
Managing Bank’s response to security incidents and IT breaches.
Promoting IT security awareness and training across the Bank by ensuring all employees understand their roles in maintaining IT security and protecting sensitive information.
QUALIFICATION
The ideal candidate will have the following:
Must have a Bachelor’s degree in Computer Science, Information Technology, Business Computing or any other technology-related field.
Must have a Certified Information System Security Professional (CISSP), Certified Information System Manager (CISM), Certified System Information Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), ISO 270001 Lead Auditor/Lead Implementer or other similar credentials.
8 years’ experience in banking, 3 years of which must have been at management level.
Demonstrated experience in IT risk management, information security, IT.
Up-to-date knowledge of methodologies and trends in both business and IT or IT security.
Knowledge and understanding of relevant legal and regulatory requirements such as International Organization for Standardization, Risk IT and Cyber Security Framework, PCI-DSS.
Sound knowledge of business management, information risk security management, cyber security technologies and up to date knowledge of trends in both business and IT.
Highly organized person, with ability to multitask with ease.
Suitable basic knowledge in IT information security is a must.