2 weeks ago

Job Summary

Responsible for information technology (IT) risk management, which entails risk assessments, policy formulation, awareness and education, compliance reviews, and controls monitoring, all with regard to the Bank’s IT environment.

  • Minimum Qualification : Bachelors
  • Experience Level : Senior level
  • Experience Length : 5 years

Job Description/Requirements

Job Purpose Statement
The Manager of Information Security is responsible for information technology (IT) risk management, which entails risk assessments, policy formulation, awareness and education, compliance reviews, and controls monitoring, all with regard to the Bank’s IT environment.

Key Responsibilities
Financial
  • Assess and manage financial risks associated with information security breaches, including potential financial losses due to data breaches or cyberattacks.
  • Identify and analyze risks through review of metrics and key risk indicators to determine the materiality in terms of financial loss, reputation, and regulatory risk, and the likelihood of such risks occurring.
  • Ensure appropriate action plans and delivery dates are in place to address material risks or regulatory issues identified, and track these actions to completion.
  • Develop and maintain IT risk management policies in line with industry best practices and regulatory requirements.
Customer
  • Safeguard customer data and privacy by implementing and enforcing robust security measures, such as encryption, access controls, and data protection protocols.
  • Educate customers about best practices for securing their accounts and personal information, including password management, phishing awareness, and safe browsing habits.
  • Address customer inquiries and concerns related to information security, providing timely and accurate responses to maintain trust and confidence in the bank's services.
Internal Business Process
  • Develop and enforce information security policies, procedures, and guidelines in alignment with regulatory requirements and industry standards.
  • Conduct vulnerability assessments, penetration testing, and health checks on the Bank’s computer systems to identify system vulnerabilities that can be exploited by external and internal threats and ensure that these vulnerabilities are effectively remediated.
  • Review technology-related contracts with third parties and any requests for policy/standard exceptions to ensure that risks are not introduced into the Bank’s environment.
  • Provide technical risk-related support to projects, from inception through to successful implementation, to ensure that adequate security is in-built into computer systems being introduced into the Bank’s environment.
  • Participate in and recommend improvements to policies, processes, and procedures to ensure all applicable regulatory requirements are fulfilled.
  • Conduct quarterly awareness and education sessions to cultivate a security-aware culture within the Bank that promotes the responsible and secure use of information and computer systems.
  • Ensure compliance with all banking laws and regulations, industry standards, and internal Bank policies related to IT risk management.
  • Update and maintain a compliance matrix of all regulatory requirements, key policy requirements, and policy updates recommended by auditors.
  • Provide guidance to all departments on topics related to IT risk management to achieve compliance with policies and standards, staying within the risk appetite of the Bank.
  • Continuously update risk assessments and IT security monitoring given the latest threats, adjusting accordingly to reflect the latest trends.
  • Coordinate with internal stakeholders, such as IT teams, compliance officers, and senior management, to ensure alignment of security initiatives with business objectives and regulatory requirements.
Functional Responsibilities
  • Monitor internal and external threats, and examine logs, events, and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a breach in security or degradation of integrity or confidentiality of the Bank’s information and computer systems.
  • Implement appropriate reporting and escalation of all significant risks through periodic reports and priority notifications to ensure transparency of risks and appropriate measures in place to reduce risks to within the Bank’s risk appetite.
  • Respond to escalations and queries; hold regular discussions with the IT Department; and employ other means available to ensure that appropriate measures are taken to minimize exposure to risk.
  • Prepare and present regular reports and updates on the bank's information security status, including metrics, incidents, and remediation efforts, to senior management and stakeholders.

Requirements

Job Specification
Academic
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Professional Qualifications & Experience
  • Proficiency in Microsoft Office Suite
Desired Work Experience
  • Minimum of 5 years of experience in information security roles, preferably in the banking or financial services sector.
  • Experience in developing and implementing information security policies, procedures, and standards.
  • In-depth knowledge of banking operations, products, and services, with a focus on security requirements and risk management.

Technical Competency
  • Information Security Technologies: Proficiency in deploying and managing security technologies such as firewalls, intrusion detection/prevention systems, antivirus software, encryption solutions, etc.
  • Network Security: Knowledge of network protocols, architecture, and security best practices to protect the bank's network infrastructure from cyber threats.
  • Security Standards and Regulations: Familiarity with international and local security standards and regulatory requirements applicable to the banking industry, such as ISO 27001, GDPR, PCI DSS, and CBK regulations.
  • Security Incident Response: Ability to develop and implement incident response plans to detect, respond to, and recover from security incidents effectively.
  • Security Assessment and Auditing: Experience in conducting security assessments, penetration testing, and audits to identify vulnerabilities and ensure compliance with security policies and standards.
  • Security Governance: Understanding of security governance frameworks and practices to establish and maintain an effective security program aligned with the bank's strategic objectives.
  • Security Awareness Training: Capability to develop and deliver security awareness training programs to educate bank staff on security best practices and reduce security risks associated with human error.
  • Encryption Technologies: Knowledge of encryption algorithms and techniques to protect sensitive data at rest and in transit.
  • Identity and Access Management (IAM): Proficiency in implementing IAM solutions to manage user identities, access privileges, and authentication mechanisms.
  • Secure Software Development: Understanding of secure coding practices and techniques to ensure the security of custom-developed banking applications and software solutions.
Ideal Job Competencies: Behavioral Competence
  • Leadership: Ability to lead and motivate a team of security professionals towards achieving the bank's security objectives.
  • Communication: Strong verbal and written communication skills to effectively convey complex security concepts to non-technical stakeholders.
  • Problem-Solving: Aptitude for identifying and solving security-related problems efficiently and effectively.
  • Adaptability: Flexibility to adapt to evolving security threats and technologies in the banking sector.
  • Analytical Thinking: Ability to analyze security data and trends to make informed decisions and recommendations.
  • Integrity: Commitment to upholding the highest standards of ethical behavior and integrity in handling sensitive information and security matters.
  • Teamwork: Collaborative mindset to work closely with other departments and stakeholders to implement and maintain effective security measures.
  • Attention to Detail: Thoroughness in examining security protocols and systems to identify vulnerabilities and weaknesses.
  • Project Management: Skill in managing security projects from initiation to completion within budget and on schedule.
  • Risk Management: Understanding of risk assessment methodologies and the ability to prioritize security risks based on potential impact to the bank.

