Information Security & Data Privacy Officer at Sidian Bank

Monitoring and Review of Systems:

• Monitoring performance and adherence to the requirements of the regulation while providing advice on the data protection impact assessment.
• Conducting audits to ensure compliance, accountability and address potential issues proactively.
• Monitor security events received from the Bank’s security tools on applicable perimeter devices, systems, databases and servers for potential attacks, suspicious or anomalous activities.
• Assist in identifying new solutions to improve the ISO monitoring role in threat identification, detections and response capabilities.
• Strengthen the monitoring of system transactions integrity and events by review of the System audit logs and Escalation of noted anomalies.
• Analyze and document business process objectives and design to identify required information systems controls.

Incidences Management:

• Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities and co-operating with them during inspections by answering any complaints or queries raised with regards to Data Protection.
• Handling queries or complaints internally or externally regarding data confidentiality and use.
• Escalate and report on incidents, potential gaps or risks as observed during monitoring activities.
• Document the security breaches and measure the damage caused.

Reporting:

• Reporting to the Supervisor:
• Providing updates on the Data Protection compliance programme to the Board and Risk Management Committee
• Providing status updates to the Head of Risk and Senior Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirement.
• Share a monthly report on privilege access management and bank wide compliance to the user access rights.
• Quarterly reporting to the board on the exceptions noted in user access management likely to impact the Confidentiality, Integrity and Availability of information.
• Any other duties as deemed necessary by the supervisor.

Academic Background

• Bachelor’s degree in Information Technology, Computer science, Cybersecurity, business, or related fields
• Strong knowledge of Information Security related frameworks/ Regulations such as, ISO 27001, NIST 800-53, NIST Cyber Security Framework, Cobit, FFIEC CAT, GLBA, SOX, NYDFS 500, etc.

Work Experience

• At least 5 years of Banking or Information Technology Experience
• Knowledgeable in IT operations
• Proficient in IS Security
• Knowledge on Data Protection laws & General Data Protection Regulations (GDPR) is an added advantage