Chief Information Security Officer (CISO)

Job Description: The institution is seeking to hire a qualified and highly experienced Chief Information Security Officer (CISO). The role entails looking at data management and analytics, which will help the Bank to better anticipate the nature of threats and determine the most appropriate action to meet them.
The Key Roles:

Overseeing and implementing the Bank’s cyber security program and enforcing the cyber security policy/framework.
Ensuring the Bank maintains a current enterprise-wide knowledge base of its users, devices, applications and their relationships, including but not limited to:

Software and hardware asset inventory;
Network maps (including boundaries, traffic and data flow); and
Network utilization and performance data.

Ensuring that information systems meet the needs of the Bank and, in particular, that information system development strategies comply with the overall business strategies, ERM framework, risk appetite and ICT policies.
Design cyber security controls with consideration of users at all levels of the organization, including internal (i.e. management, permanent & contract staff and direct sales representatives) and third-party/external users (i.e. contractors/consultants, business partners and service providers).
Organizing professional cyber related training to improve technical proficiency of staff.
Conducting regular and comprehensive cyber risk assessments that consider people (i.e. employees, customers, outsourcing and other external parties), processes, data, and technology across all its business lines and locations.
Monitoring current and emerging cyber risks.
Maintain a comprehensive cyber risk register. Risk identification should be forward-looking and include security incident handling.
Reporting to the board at an agreed interval, but not less than once per quarter, on the following:

Assessment of the confidentiality, integrity and availability of the information systems in the banks.
Detailed exceptions to the approved cyber security policies and procedures.
Cyber risk identification.
Assessment of the effectiveness of the approved cyber security program.
All material cyber security events that affected the bank during the period.

Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
Ensure frequent data backups of critical IT systems (e.g. real time backup of changes made to critical data) are carried out to a separate storage location.
Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the bank can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
Collaborate with other banks and the security agencies to share the latest cyber threats/attacks encountered by the bank.

Key Skills, Experience and Personal Competencies Required
Skills

Excellent interpersonal & Communication Skills
Working in Teams
Excellent analytical skills
Organization skills
Problem solving skills
Excellent knowledge of security tools
Report writing skills

Experience

3-5 years Banking Experience

Recommended Minimum Qualifications
Education Level

Graduate – BSc. Degree in Information Technology, Mathematics or Computer Science
Master’s degree would be advantageous

Professional Qualifications

Certified Information Security Professional
Cisco Certified Network Associate
Cisco Certified Security Administrator
Check Point Certified Security Administrator