Chief Information Security Officer
Job descriptions & requirements
Education.
The applicant must hold a bachelor’s degree in Computer Science, Information Security, or a related field. A master’s degree is preferred.
The applicant must also hold a relevant industry-recognised certification such as CISSP, CIPP/E, CISM, CRISC or CISA.
Experience.
- A minimum of 8 years’ experience in Information Security, including hands-on experience in designing and implementing security solutions in a complex environment, with 5 years at management level, preferably in a supervised financial institution.
- Proven experience in leading and managing security operations, incident response, and risk management teams.
- Experience in the financial industry or a similarly regulated environment is highly desirable.
- Strong understanding of Zero Trust Architecture principles, concepts, and implementation strategies.
- Familiarity with cloud security, network security, identity and access management, encryption technologies, and secure coding practices.
- Experience with security tools such as SIEM, DLP, IDS/IPS, and vulnerability management systems
- In-depth knowledge of cybersecurity principles, frameworks, and standards (e.g., NIST, ISO 27001, etc.)
- Develop and implement the Bank’s cybersecurity program and enforce the cyber and technology policy.
- Maintain the Bank’s current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships.
- Ensure that information systems meet the needs of the Bank and that the ICT strategy, in particular information system development strategies, complies with the overall business strategies, risk appetite and ICT risk management policies of the Bank.
- Design cybersecurity controls with the consideration of users at all levels of the Bank, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
- Organize professional cyber-related training to improve the technical proficiency of staff.
- Conduct regular and comprehensive cyber risk assessments.
- Develop adequate processes for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
- Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
- Periodically review the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
- Submit periodic reports to the CEO on: detailed exceptions to the approved cyber and technology policies and procedures; an assessment of the effectiveness of the approved cybersecurity program; all material cyber and technology events that affected the Bank during the period; and an assessment of the confidentiality, integrity and availability of the information systems in the institutions.
- Timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
- Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
- Establish and maintain a robust security governance framework that aligns with regulatory requirements, industry standards, and best practices.