ICT Risk Officer

Responsibilities

• Review of the Bank’s critical systems, recommendation, and implementation of appropriate and adequate IT security controls to mitigate and minimize information security risks. 
• Continuous review of controls in place to identify and close gaps and provide continuous assurance on the security of the bank’s information systems 
• Provide IT security support to IT Security Services and Internal Audit. 
• Implement an effective information security awareness program in the Bank.
• Continuous review of systems at all levels i.e. servers, applications, database, network devices, etc., identify risks and make recommendations on the closure of the risks. 
• Be involved in providing forensic data to all reviewers i.e. investigators, analysts, etc.
• Be involved and provide security guidance during technology projects, systems deployment, upgrades, and changes.
• Review all issues logged by users and analyze trends as relates to systems security management.
• Ensure all sensitive and confidential bank information is protected in conformity with the Bank’s privacy policies.
• Manage all external parties’ access to bank infrastructure and systems and have detective measures for intrusion.
• Provide and analyze departmental self-assessment reports on all systems controls to assist in focused controls.
• Provide information security training and awareness to various groups of Bank staff & stakeholders.

Required skills for the role:

• Adequacy of personal competence to effectively maintain quality assurance for the bank’s information systems security in a manner that consistently meets established standards or benchmarks.
• Good understanding of Information Security and control objectives
• Interpersonal and advocacy skills
• Appreciation of Audit methodologies
• Fair understanding of Information Systems architecture and operational practices
• Presentation skills
• Report writing