ICT Risk Officer
The Jobholder will be responsible for supporting and executing risk identification and management across all aspects of ICT within the Bank, including Cyber Security and Information Risk. The role will provide continuous independent assurance on the Bank's Information System security by ensuring appropriate security controls are in place to safeguard Bank assets from ICT risks, while also ensuring compliance with ICT and Information Security Policies, regulatory guidelines and applicable best practice standards.
He/she will work closely with Group Risk, In-country ICT teams and the wider business stakeholders where required.
Participate in development of ICT Risk Management Framework and annual ICT Risk Assessment exercise
Identify and assess risks, design mitigation controls and track/monitor risks to closure including escalation of long outstanding risk exposures to management.
Review the Bank's critical systems, conduct risk assessments and recommend appropriate and adequate IT security controls to mitigate and minimize information security risks.
Evaluate ICT controls for all operating systems, applications, database management system interfaces and networks across the Bank to ensure consistency in achieving compliance requirements (regulatory, standards and internal policies).
Proactively anticipate potential threats and vulnerabilities and provide guidance, in coordination with the IT department, on effective responses or control measures and on improvement of ICT program development, management and evaluation processes.
Work closely with business to identify risks in products dependent on the technology landscape.
Continuously evaluate ICT policy compliance, Data & Information Risk, Business Continuity Risks and report on employee compliance with security controls and deficiencies.
Promote ICT/Information Security awareness within the Bank by providing guidance, consulting and coordinating relevant programs to ensure a strong security culture.
Education and Qualifications
A Bachelor’s degree in IT or Computer Science or related field from a recognized university.
Relevant certifications in Risk, Audit or Information Security knowledge areas, such as Information Systems Audit, Information Security Management, Risk Management and Ethical Hacking.
A minimum of 3 – 4 years of ICT Risk experience preferably in a Banking or Financial Institution that provides exposure to sophisticated ICT systems, network security, technology infrastructure, software development and project management.
Understanding of concepts related to ICT & Cyber Security including digital & cloud security, logical and physical access security, change management, Information & Cyber security, Business Resilience practices and network technology.
Team player with good communication and interpersonal skills.
Ability to work independently with minimal supervision.
Demonstrate strong problem-solving skills.
Good report writing & presentation skills.
IT & Network Administration: 3 Years
Audit: 3 Years