ICT Security Officer at Caritas MFB

JOB PURPOSE

To oversee information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management framework.

KEY RESPONSIBILITIES AND ACCOUNTABILITIES

1. Monitor access to all bank systems and maintains access control profiles on computer network and systems. Track documentation of access authorizations to all resources.
2. Develop and/or maintain appropriate Segregation of Duties within and across all banking applications.
3. Develop and manage the Information Security risk management strategy, framework, guideline and approach for the bank’s systems and infrastructure landscape.
4. Research and investigate measures that address data security risks and potential losses for reporting purposes.
5. Install, modify, enhance, and maintain data system security software.
6. Work on determining acceptable risk levels for the bank and ensuring the IT environments are adequately protected from potential risks and threats.
7. Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks.
8. Follow-up on detected security issues and implement solutions to reduce security risks
9. Assist in the research, development, communication, maintaining and working with the operational units on the enforcement of IT security architecture, policies, procedures, solutions, and standards.
10. Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
11. Support improved data security awareness and education including on-call availability.
12. Develop strategies and action plans to drive control maturity improvement in areas where controls do not adequately mitigate risks.
13. Responsible for staying abreast of the latest industry security practices and technologies
14. Meet with bank shareholders to analyze, document, and define requirements associated with new development or maintenance and enhancements to existing security roles and permissions. Review completed roles/permissions with users to ensure requirements are fully met.
15. Deliver services that meet regulatory specifications. Work with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrate overall compliance.
16. Manage the 3rd party’s Information Security risk assessments process to ensure risk transparency and business acceptance, contractual obligations, due diligence assessments and enable risk-based decision making to support the Bank’s Third-party Risk Program.
17. Plan and conduct Incident Response Plan tabletop exercises on a periodic basis with subsequent remediation planning, tracking and completion roadmap in place.
18. Develop, update, and ensure completion of IS training and awareness initiatives throughout the Bank on a periodic basis. In addition, ensure respective reporting tracking metrics in place.
19. Evaluate and recommend security products, services, and/or procedures to enhance productivity and effectiveness.
20. Manage specified Information Security related projects from inception to completion.
21. Provide guidance, evaluation, and advocacy on audit responses.
22. Coordinate and track all information technology and security related audits. Liaise with Internal Audit, maintaining excellent relationships and provide transparency.
23. To perform any other duty as assigned in line with the organization goals and objectives

MINIMUM QUALIFICATIONS AND EXPERIENCE

1. Bachelor’s degree in Computer Science, Information Technology, or related discipline
2. Minimum 4 years in Information Technology with 3 years of Information and Cybersecurity relevant experience
3. Information security certifications preferred: CISSP, CISM, CISA or Equivalent (Note – If not certified, willing to obtain the CISO approved IS/Cyber certification(s) in the first year of employment)
4. Strong knowledge of Information Security concepts including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
5. Thorough understanding of fundamental security related frameworks and network concepts
6. Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations will be an added advantage
7. Ability to communicate effectively at different levels of the organization, and with various technical and business audiences.
8. Excellent problem-solving abilities and analytical skills. Ability to see the big picture with high attention to critical details.
9. Results oriented, can achieve desired outcomes independently and at appropriate priority levels
10. Highly motivated and energetic with ability to multi-task effectively
11. Ability to complete projects and perform daily tasks with minimal supervision
12. Ability to set and meet deadlines
13. Strong interpersonal skills