The IS Governance Officer ensures governance controls are integrated into the day-to-day management of FBNQuest’s information security function.
This role develops and oversees the Security Policies, Standards & Procedures, conducts Information & Cyber Risk Assessments, manages third-party security risk and risk response, and ensures security awareness, compliance, remediation tracking and performance reporting across the business. He/she will support the maintenance of the Bank's Information Security and Business Continuity Management Systems, and the adoption of related regulations and frameworks.
DUTIES & RESPONSIBILITIES
- Ensure security policies are established, communicated, and enforced across FBNQuest in line with the defined enterprise security architecture.
- Monitor compliance with the requirements of the security policies, standards and applicable regulations.
- Ensure alignment of cyber security practice with the overall enterprise risk management programme and conduct periodic maturity assessments of the function.
- Track effectiveness of risk response and remediation of security gaps and report the status.
- Ensure relevant reports are submitted to the regulators as required.
- Facilitate security awareness efforts/exercises.
- Communicate business value of information security and collaborate effectively with business system owners and 3rd parties for effective security risk management.
- Manage the deployment, monitoring, maintenance and upgrade of all Information Security services and ensure the change control process is followed for changes to information assets.
- Evaluate existing third-party relationships and the organization's security posture; perform security assessments and gap analyses to uncover risk exposures (across networks, applications and human/physical access levels) and drive security risk remediation.
- Plan, design and document the security architecture (layers, components, principles and standards), defining a roadmap and target-state blueprints to drive execution of transformational security initiatives.
- Assess and identify vulnerabilities in existing systems and supervise the implementation of architectural changes to improve the security posture.
- Develop, review, and approve installation requirements for required security and related architecture components (e.g. LANs, WANs, VPNs, routers, firewalls etc.)
- Establish disaster recovery procedures and guidelines for conducting security breach drills.
- Influence technology strategy & related investments that will realize the information security objectives of the business.
- Regularly collaborate with business system owners and stakeholders, as well as IT product teams, to understand and capture all information security needs to be addressed in IT systems.
- Serve as point of escalation, review and approval for key issues and decisions for all security architecture domains.
- Stay up to date with the latest security systems, standards, authentication protocols, and identify opportunities for adapting the security architecture.
- Develop, maintain and oversee a robust methodology and procedures for proactive information and cyber risk assessment, to be carried out in line with business requirements and best practice.
- Ensure a robust risk response plan is established to address potential information/cyber threats across the three Lines of Defense.
- Develop risk-mitigating strategies, response protocols and plans, as well as preventive and corrective controls, in accordance with the organization's risk management framework, security policies and standards.
- Evaluate and operationalize leading solutions for the risk response function, and identify emerging threats, response methods and technologies.
- Develop a comprehensive methodology for monitoring triage activities (priority, role assignments) and the assessments conducted in resolving information security incidents, detailing the complexity of the incident, timeline of action, responsible party, impact to the organization, etc.
- Carry out other tasks as assigned by the CISO.
EXPERIENCE & QUALIFICATIONS
- Minimum of 8 years' relevant experience in information security management, enterprise risk management, governance and technology architectures relating to information security and IT risk management.
- Experience in the Financial Services industry, with knowledge of current IT risks, security implementations and technology dependencies.
- Management-level experience, including experience in at least 2 major areas of banking operations.
- Evidence of strong industry / sector participation.
- Minimum of a Bachelor's degree in Computer Science or a technology-related discipline
- An MBA or relevant Master’s degree in any related discipline
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Security Professional (CCSP)
- Other Information security certifications
KEY COMPETENCY REQUIREMENTS
- Security administration
- Information Governance
- Information security
- Information Assurance
- Business risk management
- Third Party Security Risk Management
- Knowledge Management
- Vulnerability management
Qualified candidates can apply by sending their CVs to [email protected] with the job title as the subject.