Summary

Serves as the subsidiaries' process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies.

A key element of the CISO's role is working with the Group CISO and Executive Management of the subsidiary to determine acceptable levels of risk for the subsidiary in alignmentbwuth the overall risk appetite of the Bank.

Responsibilities

 

• Implement and monitor the strategic, comprehensive information security and Cybersecurity management program

• Work directly with the Group office & other business units to facilitate risk assessment and risk management processes

• Effectively update approved policies for approval and ensure this is communicated to relevant stakeholders

• Write comprehensive reports including assessment-based findings, outcomes, and communications for further system security review

• Provide leadership to the subsidiaries' information and cyber security team

• Partner with business stakeholders across the subsidiary to raise awareness of information and cybersecurity concerns

• Monitor and troubleshoot security solution/infrastructure as it concerns your subsidiary

• Work with available intelligence to identify threats to the environment and propose/implement controls to minimize risk of future events where appropriate or advised

• Provide regular updates to the Group CISO and Executive Management team on status of the subsidiary's risk posture and security program

• Collaborate with Technology team to ensure that the subsidiary's infrastructure stays protected from cyber threats and breaches

 

Education and Qualifications

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST, PCIDSS.
• Minimum of a Master's Degree in MSc in Information Security, Computer Science, Information Technology or related field
  Professional Membership.
• Industry recognised professional certifications such as MCTS, MCP, ITIL, CISA, COBIT, CISM, CRISC, CISSP, CFE, CCSP, CCSE, EC-Council.

Requirements

• Minimum 5+ years of experience performing security risk assessments, and security consulting and 3+ years of experience leading teams of information security professionals.

Characteristics

• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate interdisciplinary teams.
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing and services
  Hands on experience with incident and vulnerability management
• Creative, and taking initiative
• Strong relationship management and communication skills with the ability to work collaboratively with colleagues across a number of departments and services as well as external stakeholders.
• Strong problem-solving, analytical skills and ability to work under pressure.

Reporting To

• Group, Chief Information Security Officer