STIMA SACCO Hiring ICT Risk & Quality Assurance Officer

Job Summary

Under the supervision of the Risk & Compliance Manager, the job holder will be responsible for implementing the ICT Risk Management Framework in line with the Society’s Strategic Plan, the Risk Management Framework and Policy, the Operations and Information Security Policies, the Society’s Business Continuity Management Policy, and the established Sacco laws and regulations and best financial service industry practices.

Key Tasks and Responsibilities

  • Operationalize the Sacco’s ICT Risk Management Framework.
  • Establish and implement an appropriate continuous monitoring and reporting framework for Technology risks that impact on the Sacco.
  • Operationalize ICT Risk Monitoring and Reporting Framework including access controls, compliance monitoring and exceptions reports monitoring.
  • Spearhead ICT Vulnerability Assessment and Penetration Testing and follow-up on implementation of appropriate safeguards for identified vulnerabilities.
  • Spearhead the Cyber Security efforts in the Society jointly with ICT and the Security Operations Centre (SOC).
  • Conduct ICT Project and Product Risk Assessments and Quality Assurance and Participate in appropriate Application System Testing activities.
  • Champion review of the Business Continuity Management (BCM) Policy, conduct Business Impact Analysis (BIA) culminating in a Business Continuity Plan for the Sacco.
  • Review adherence/compliance with Society BCM Policy, BCP, ITDRP and independently participate in and review tests conducted by ICT.
  • Continuously review and monitor adherence/compliance with Society ICT policies including continuously assessing the adequacy, effectiveness and compliance with ICT General and Application controls.
  • Participate in the conduct of Society-wide Risk Awareness Training for all Departments and Branches at the Society with specific emphasis on Information System-based risk and control issues.
  • Conduct risk assessment for proposed and existing products.
  • Investigate root causes of ICT risks and provide support to mitigate risks.
