APS.06.26 - Security Governance Manager

Birkirkara, Malta | Risk | Full-time | Partially remote

Apply by: Jan. 25, 2026

Job Description

JOB TITLE

Security Governance Manager

LEVEL/BAND 

MS30

DEPARTMENT

Risk

DIRECT REPORT (JOB TITLE)

Head of Risk 

 

Overall Purpose of the Position

To champion the implementation of security best practices within the Bank covering the whole security ecosystem – human resources, physical, technology and processes. To determine and execute a comprehensive security assessment programme.

 Operational Responsibilities 

  • Maintains an Integrated Management System security policy suite aligned to, as a minimum, ISO27001 and NIST standards.
  • Identifies and manages security partnership agreements so that the Bank is subject to a continuous, independent security assessment regime and its security posture remains aligned to the Bank’s risk appetite statement.
  • Implements a security monitoring regime with the aim of capturing security logs across different systems into a consolidated and deterministic solution to be able to proactively identify potential threats on first indications of occurrence and with the rigour required for independent assessments.
  • Builds a digital forensic toolkit including software, processes and data to be able to carry out security investigations as may be required by the Bank’s Management Committee or Board of Directors.
  • Articulates a database strategy that implements the four-eyes and segregation-of-responsibilities principles.
  • Leads security awareness campaigns across the Bank including the planning and executing of social engineering exercises.
  • To sit on committees and attend meetings when required, taking minutes accordingly.

 

General Responsibilities

  • To submit any reports and/or participate in any projects and activities as may be directed from time to time.
  • To ensure compliance with Bank’s policies, guidelines and underlying procedures at all times.
  • To perform standard office tasks including processing mail, answering phone calls, ordering supplies and filing.
  • To perform any other duties that may be reasonably assigned from time to time.

 

Qualifications, Skills & Competencies

Mandatory

Skill

Strong knowledge of information security principles and practices to include;

  • Strong analytical and problem-solving abilities;
  • Strong verbal and written communication skills;
  • Strong organizational and multi-tasking skills;
  • Team player, reliable, and can work on his/her own initiative.

Experience

  • Three years of experience in information security.

Qualification

  • First degree level of education or equivalent specialised training in technical management.

 

Desirable

Skill

  • Knowledge of IPS/IDS, packet/traffic analysis and related tools.
  • Be computer literate and conversant in MS Office applications, especially MS Excel.

 

Experience

  • Practical experience in leveraging SIEM solutions.

Qualification

  • Security certifications (CISA, CISM).

Position level (1 being the highest level)

  1. Head of Department
  2. Managerial & Specialist Positions
  3. Middle Management & Specialist Positions
  4. Technical & Clerical Positions