ICT Risk Officer
This role exists to provide continuous independent assurance on the Bank’s Information Security as regards confidentiality, integrity, and availability of the IT infrastructure, processing systems, and related resources in line with the Bank Information Security Policy.
The deadline for this application is on 23rd September 2021.
Responsibilities
- Review of the Bank’s critical systems, recommendation, and implementation of appropriate and adequate IT security controls to mitigate and minimize information security risks.
- Continuous review of controls in place to identify and close gaps and provide continuous assurance on the security of the bank’s information systems
- Provide IT security support to IT Security Services and Internal Audit.
- Implement an effective information security awareness program in the Bank.
- Continuous review of systems at all levels i.e. servers, applications, database, network devices, etc., identify risks and make recommendations on the closure of the risks.
- Be involved in providing forensic data to all reviewers i.e. investigators, analysts, etc.
- Be involved and provide security guidance during technology projects, systems deployment, upgrades, and changes.
- Review all issues logged by users and analyze trends as relates to systems security management.
- Ensure all sensitive and confidential bank information is protected in conformity with the Bank’s privacy policies.
- Manage all external parties’ access to bank infrastructure and systems and have detective measures for intrusion.
- Provide and analyze departmental self-assessment reports on all systems controls to assist in focused controls.
- Provide information security training and awareness to various groups of Bank staff & stakeholders.
Required skills for the role:
- Adequacy of personal competence to effectively maintain quality assurance for the bank’s information systems security in a manner that consistently meets established standards or benchmarks.
- Good understanding of Information Security and control objectives
- Interpersonal and advocacy skills
- Appreciation of Audit methodologies
- Fair understanding of Information Systems architecture and operational practices
- Presentation skills
- Report writing
Qualifications
- University degree in Computer Science or Information Technology(M)
- Minimum 3 years working experience, with 2 years’ experience in Information Security or Information Risk.
- Certification in a system audit or security related area, such as CISA, CISM or CISSP or CRISC
- Experience of working in the IT function within a banking environment will be an added advantage.
- Working technical knowledge of ATMs will be an advantage.
- Experience in audit of systems will be an advantage
- Experience in performing analytical roles in complex business environments
- Proven experience in implementing cyber security governance.