Are you a competent and highly motivated person with a career passion for Information Security?
Our ICT Risk and Control Team is looking for a detail-oriented, self-driven, collaborative individual with a passion for integrity to fill the role of ICT Risk Officer.
Reporting to Head – ICT Risk and Control, the role holder will provide continuous independent assurance of the bank’s Information Security as regards confidentiality, integrity, and availability of the IT Systems by ensuring that appropriate security controls are in place to protect the Bank’s assets. The role holder will also ensure that ICT-related risks are managed in compliance with the Bank’s policies, laws, regulatory guidelines, and applicable standards.
The Role
Specifically, the successful jobholder will be required to:
- Carry out ICT risk assessments of Co-operative Bank systems and provide recommendations for appropriate and adequate IT security controls to mitigate and minimize ICT Risks.
- Continuously review and improve the ICT controls in place.
- Continuously review systems at all levels i.e. servers, applications, database, network devices, etc., identify risks and make recommendations on closure of the risks
- Provide continuous assurance on ICT Risks on the Bank’s systems
- Evaluate ICT controls for all operating systems, applications, database management system interfaces, and networks across the Bank to ensure consistency in achieving compliance requirements (regulatory, standards, and internal policies).
- Promote Information security awareness within the Bank by providing consultation, guidance, and conducting relevant awareness programs to ensure an IS-compliant culture.
- Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with the ICT department on effective responses or control measures to be implemented to mitigate them.
- Manage ICT risk registers.
- Periodically perform vulnerability assessments & penetration tests on Bank systems and technology, identifying vulnerabilities and recommendations on the closure of these vulnerabilities.
Skills, Competencies, and Experience
The successful candidate will be required to have the following skills and competencies:
- A Bachelor’s degree in Information Technology, Information Security, or Computer Science.
- Relevant IT Security professional qualifications e.g. CISA, CISM, CEH, or other relevant security certifications.
- A minimum of 5 years of working experience in a similar role in a highly computerized environment.
- Experience in implementing Information Security Standards such as ISO 27001, COBIT.
- Understanding of ICT risk and systems security control processes
- Understanding of Information systems Architecture and operational practices
- Appreciation of Audit Methodologies.
- Experienced in Windows Enterprise servers or UNIX systems.
- Experience working in the IT function within a banking environment will be an advantage.
- Knowledge of cybersecurity good practices (Identity and Access Management, Data Protection, Penetration Testing, etc.)
How to apply
If you are confident that you fit the role and person profile and you are keen to add value to your career then please forward your application letter enclosing detailed Curriculum Vitae to [email protected] indicating the job reference number IRO/CEO/2023 by 16th March 2023.