Position Summary and Key Responsibilities
Position scope:
The successful candidate will be responsible for supporting the risk identification and management process across all aspects of Information Technology for the Bank, updating executive management on the results of risk assessments and recommending mitigations to protect the Bank's systems or cover potential financial losses.
Key responsibilities:
Develop and implement an ICT Risk Management Framework
Conduct system vulnerability tests in line with Bank policies and global standards, and report to management on identified vulnerabilities and on the protection in place against malware and attackers
Identify and assess risks, design mitigation controls and monitor the risks until closure
Clearly document and define risks and their potential impact alongside the likelihood of such an event, and identify the systems affected by each defined risk
Develop ICT risk management guidelines to be used by all Divisions of the Bank
Conduct system penetration testing at the various stages of the system development lifecycle to ensure the integrity, availability and assurance of the systems and technical processes
Review compliance with ICT security policies across the technology ecosystem
Evaluate security policy, processes and procedures for completeness and assess their applicability
Work closely with the business to identify risks in products that use digital platforms
Conduct fraud assessments on technology platforms as per fraud risk management policy
Keep abreast with current advances in all areas of ICT security
Continuously evaluate communications security, data vulnerabilities and business continuity, and examine employee compliance with security controls and any deficiencies
Position requirements
Skills & Experience:
Bachelor’s degree in a computer-related field
3-5 years of related experience with an emphasis on ICT Risk
A Master’s degree would be an added advantage
Certified in Risk and Information Systems Control (CRISC) or equivalent preferred
Ability to conduct data mining, data analysis and reporting
An intermediate understanding of networking concepts
Intermediate understanding of security appliances including but not limited to Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, and Security Information and Event Management (SIEM) systems
Analytical and objective, with the ability to describe complex technical concepts and ideas in non-technical terms
Good communication & interpersonal skills