IT Security Officer (Enterprise Risk)

Job description
Reports To: Head of Enterprise Risk
Job Purpose: Establish an effective mechanism that can identify, measure, monitor, and control the risks inherent in institutions’ ICT systems, ensure data integrity, availability, confidentiality, security and consistency, and provide the relevant early warning mechanism.
Job Dimensions
People;
Liaison with IT teams

Processes / Projects;

Implementation of the Risk Framework Document - IT Risk Aspects & other assigned risks.
Periodic review of the Information Technology Risk Framework.
Development and Maintenance of Risk Registers.
Develop and continuously revise KRIs for ICT & Security Risks.
Defining and revising risk appetites for IT and Security-related Risks.
Monthly update of the detailed ICT Risk Register.
IT Security Policy implementation review for compliance
Domain and Anti-virus Systems clean-up procedures and review.
Systems Access Control Management.

Profile Rights/Access issue for Igor/MIS/Cellulant users.

Coordinating review and change of systems passwords, and safe storage.
Systems users review and cleanup of applications.
Preparation of the Monthly Dashboards and Board Report on ICT risk
Conducting daily IT Risk/Security Monitoring checks.
Preparation of plans and measures on action points in ICT Risks following review of Risk event reports.
Overseeing Disaster Recovery Planning/BCP systems testing, implementation and improvements.
Carrying out IT Security Systems Assessments and Reporting for planned and new systems implemented in the enterprise
Implementation of revised CBK Risk Management guidelines on ICT Risk.

Cyber Security Intelligence and Training.

Issue tip-of-the-week updates to all staff through heads.
Research and provide updates on the latest cyber security news and trends.
Cyber security training in Risk Champions, CSM, BM and other staff meetings

Operating Environment

Conduct Semi-Annual Risk Champions Training on emerging ICT Risks and Security.
Participate in service manager meetings and other IT meetings

Other

Close follow-up on implementation / closure of vulnerabilities as detailed in the various reports.
Assist the Head of Enterprise Risk with monthly follow-up on implementation of risk issues.
Chair the DR Committee meeting and ensure meetings are held monthly.
Other special assignments as assigned by the Head of Enterprise Risk.
Attend ad hoc project meetings.

Key Responsibilities

ICT Risk & Security Reporting
IT Security Systems Assessments and follow-up
Development and Maintenance of Risk Registers and Risk event reporting
IT Security Management & Procedure development
Disaster Recovery Planning and Testing
CBK prudential guidelines implementation
System Access Control Management
Risk Awareness – Cyber Security Intelligence and training.
Learning & Growth, and leave management & utilization

Minimum Knowledge, Qualifications and Experience required

A Bachelor’s degree in an ICT related field.
Professional Qualification in security related field
Knowledge of Networking and Network Security principles.
3 years’ experience in ICT and Security related roles.

Functional & Behavioural Competencies required for this Role

Excellent technical skills.
Creativity and Ingenuity
Leadership and teamwork
Problem-solving and decision-making abilities;
Analytical skills and keen on detail;
Good communication and presentation skills;