Job Purpose Statement
The Manager of Information Security is responsible for information technology (IT) risk management, which entails risk assessments, policy formulation, awareness and education, compliance reviews, and controls monitoring, all with regard to the Bank's IT environment.
Key Responsibilities
Financial
- Assess and manage financial risks associated with information security breaches, including potential financial losses due to data breaches or cyberattacks.
- Identify and analyze risks through review of metrics and key risk indicators to determine the materiality in terms of financial loss, reputation, and regulatory risk, and the likelihood of such risks occurring.
- Ensure appropriate action plans and delivery dates are in place to address material risks or regulatory issues identified and track these actions to completion.
- Develop and maintain IT risk management policies in line with industry best practices and regulatory requirements.
Customer
- Safeguard customer data and privacy by implementing and enforcing robust security measures such as encryption, access controls, and data protection protocols.
- Educate customers about best practices for securing their accounts and personal information, including password management, phishing awareness, and safe browsing habits.
- Address customer inquiries and concerns related to information security, providing timely and accurate responses to maintain trust and confidence in the bank's services.
Internal Business Process
- Develop and enforce information security policies, procedures, and guidelines in alignment with regulatory requirements and industry standards.
- Conduct vulnerability assessments, penetration testing, and health checks on the Bank's computer systems to identify system vulnerabilities that can be exploited by external and internal threats, and ensure that these vulnerabilities are effectively remediated.
- Review technology-related contracts with third parties and any requests for policy/standard exceptions to ensure that risks are not introduced into the Bank's environment.
- Provide technical risk-related support to projects from inception through to successful implementation to ensure that adequate security is inbuilt into computer systems being introduced into the Bank's environment.
- Participate in and recommend improvements to policies, processes, and procedures to ensure all applicable regulatory requirements are fulfilled.
- Conduct quarterly awareness and education sessions to cultivate a security-aware culture within the Bank that promotes the responsible and secure use of information and computer systems.
- Ensure compliance with all banking laws and regulations, industry standards, and internal Bank policies related to IT risk management.
- Update and maintain a compliance matrix of all regulatory requirements, key policy requirements, and policy updates recommended by auditors.
- Provide guidance to all departments on topics related to IT risk management to achieve compliance with policies and standards, staying within the risk appetite of the Bank.
- Continuously update risk assessments and IT security monitoring given the latest threats, adjusting accordingly to reflect the latest trends.
- Coordinate with internal stakeholders such as IT teams, compliance officers, and senior management to ensure alignment of security initiatives with business objectives and regulatory requirements.
Functional Responsibilities
- Monitor internal and external threats and examine logs, events, and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a breach in security or degradation of integrity or confidentiality of the Bank's information and computer systems.
- Implement appropriate reporting and escalation of all significant risks through periodic reports and priority notifications to ensure transparency of risks and appropriate measures in place to reduce risks to within the Bank's risk appetite.
- Respond to escalations and queries; hold regular discussions with the IT Department; and employ other means available to ensure that appropriate measures are taken to minimize exposure to risk.
- Prepare and present regular reports and updates on the bank's information security status, including metrics, incidents, and remediation efforts, to senior management and stakeholders.
Requirements
Job Specification
Academic
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Professional Qualifications & Experience
- Proficiency in Microsoft Office Suite
Desired Work Experience
- Minimum of 5 years of experience in information security roles, preferably in the banking or financial services sector.
- Experience in developing and implementing information security policies, procedures, and standards.
- In-depth knowledge of banking operations, products, and services, with a focus on security requirements and risk management.
Technical Competency
- Information Security Technologies: Proficiency in deploying and managing security technologies such as firewalls, intrusion detection/prevention systems, antivirus software, encryption solutions, etc.
- Network Security: Knowledge of network protocols, architecture, and security best practices to protect the bank's network infrastructure from cyber threats.
- Security Standards and Regulations: Familiarity with international and local security standards and regulatory requirements applicable to the banking industry, such as ISO 27001, GDPR, PCI DSS, and CBK regulations.
- Security Incident Response: Ability to develop and implement incident response plans to detect, respond to, and recover from security incidents effectively.
- Security Assessment and Auditing: Experience in conducting security assessments, penetration testing, and audits to identify vulnerabilities and ensure compliance with security policies and standards.
- Security Governance: Understanding of security governance frameworks and practices to establish and maintain an effective security program aligned with the bank's strategic objectives.
- Security Awareness Training: Capability to develop and deliver security awareness training programs to educate bank staff on security best practices and reduce security risks associated with human error.
- Encryption Technologies: Knowledge of encryption algorithms and techniques to protect sensitive data at rest and in transit.
- Identity and Access Management (IAM): Proficiency in implementing IAM solutions to manage user identities, access privileges, and authentication mechanisms.
- Secure Software Development: Understanding of secure coding practices and techniques to ensure the security of custom-developed banking applications and software solutions.
Ideal Job Competencies: Behavioral Competence
- Leadership: Ability to lead and motivate a team of security professionals towards achieving the bank's security objectives.
- Communication: Strong verbal and written communication skills to effectively convey complex security concepts to non-technical stakeholders.
- Problem-Solving: Aptitude for identifying and solving security-related problems efficiently and effectively.
- Adaptability: Flexibility to adapt to evolving security threats and technologies in the banking sector.
- Analytical Thinking: Ability to analyze security data and trends to make informed decisions and recommendations.
- Integrity: Commitment to upholding the highest standards of ethical behavior and integrity in handling sensitive information and security matters.
- Teamwork: Collaborative mindset to work closely with other departments and stakeholders to implement and maintain effective security measures.
- Attention to Detail: Thoroughness in examining security protocols and systems to identify vulnerabilities and weaknesses.
- Project Management: Skill in managing security projects from initiation to completion within budget and on schedule.
- Risk Management: Understanding of risk assessment methodologies and the ability to prioritize security risks based on potential impact to the bank.