• The primary purpose of this job role is to establish and manage the enterprise-wide Information Security risk management programme by instituting on-going risk assessment, strategic planning, implementation, communication, training and awareness activities in response to identified risk areas.
• Delivers information security risk assessments of projects, new technologies, external service providers, and IT changes. Guides staff and managers on the appropriate risk mitigation strategies.
• Effectively communicates requirements and trains staff and managers to identify and manage IT risks throughout the project lifecycle.
• Communicates and reports on risk metrics to the various governance committees.
• Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.
• Manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and Risk.
• Supports the Bank’s ISO 27001 certification by promoting self-compliance with policies and standards by IT staff and managers. Keeps abreast of international information security codes of practice such as ISO 27001/27002, information security and privacy regulations, and how these measures could affect information assets owned by, or administered on behalf of, Stanbic IBTC.
• Assists with the development of the Bank’s enterprise security architecture and standards at the business, information, infrastructure, and application level. Provides subject matter expertise on enterprise security architecture and influences selection of tools and technologies to support the bank’s security architecture standards.
• As an advocate of information security, works closely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.
• Works closely with Change and Enablement: undertakes risk analysis of all business process improvement initiatives within the context of information security.
• Works closely with IT project teams to develop implementation plans for new security-related products and services.
• Coordinates the preparation and presentation of user technical support and training materials to ensure the efficient, effective and secure use of information and communications technology.
• Coordinates and supports the work of security governance.
• Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.
• Establish on-going Information Risk management programme
• Establish enterprise-wide Information Security risk management function
• Establish Information Security risk assessment process and communicate risks and impacts to Senior Management
• Prepare timely and appropriate responses to inquiries from regulators and key stakeholders
Implement:
• Coordinate risk assessment and action plan implementation with Senior Management, Information Technology, Internal Audit, Legal, Risk Management and other personnel
• Communicate risk management requirements and standards to all employees through training and publications
• Monitor progress of investigations of security incidents and alerts
• B.Sc. degree in Information Security, Computer Science, Engineering, Mathematics, Business or related field of study
• MCSE / CISA / CISM or any risk-related certification, as well as information risk experience, is essential
• Good risk management experience
• Good network experience
• Strong customer focus and ability to manage client expectations
• Strong team-orientated interpersonal skills
• Self-motivated and able to work with minimal supervision.
• Good communication skills.
• Ability to manage expectations
• Must be service orientated
• Strong analytical and problem-solving skills
• Proven ability to work under pressure including emergency situations
• Logical and problem-solving skills.
• Ability to perform IT Risk assessment
• Manage information security risk management framework
• Develop information risk management process
• Implement information risk management process
• Competent, reliable and dedicated, with analytical capabilities
• Ability to manage project schedule
• Ability to manage project communications
• Understand and apply compliance standards.