Information Technology Risk Officer at Asante Financial Services Group

Main Responsibilities

• Implementation of the organizations cyber security strategy
• Perform system risk assessments for all solutions being delivered and facilitate the reporting of findings, formulation, and logging of management actions, and tracking and reporting of remediation efforts
• Ensure that change and incident management procedures are implemented and report on gaps noted for remediation
• Provide training and awareness to facilitate the embedment of secure coding standards, tools and processes within the development teams
• Ensure that the IT infrastructure and applications have adequate defense in depth controls put in place.
• Review and ensure that all open issues identified by risk team, IT security applications and auditors are closed within the agreed time frame
• Keep up to date with, and understand, relevant laws and regulations such as data privacy laws
• Participate in and provide QA for UAT and SIT testing
• Ensure that all systems undergo a pentest prior to go live
• Ensure that staff members are adequately trained on cyber security issues
• Ensure that the organization has adequate IT DR measures in place
• Develops, tracks, and reports on Key Risk Indicators (KRIs) for information technology
• Performs process-level walkthroughs, control testing, etc. for the identification and assessment of IT risks and controls
• Undertaking risk reviews of the IT control framework

Specific Duties and Responsibilities

• Participate and provide QA for UAT and SIT-Ensure that the UAT and SIT have all the requisite tests from an information security perspective, both positive and negative tests. Participate in the UAT and SIT to provide assurance that the tests have met end user and information security needs.
• Change management-Ensure that proper change management procedures are in place for both infrastructure, software and code changes. All changes should be done as per the policy in place.
• Incident management-Track and report on all IT incidents and ensure that the same are resolved in a sustainable manner. Designs an innovative threat and security incident management solution
• IT Tools alert- Ensure that all alerts from IT security tools are closed in a sustainable manner
• Implement IT security policies and controls on the IT security tools - Recommend and ensure implementation of controls on the IT security tools i.e. firewall policies and related controls.
• Staff Cyber Security awareness Conduct staff cyber security awareness trainings to new and existing staff.
• Cyber security weekly and monthly reports-Summarize cyber security incidents and reports for management review and action
• Product and partner risk assessment- Review and document all IT related issues in terms of the architecture, API’s etc. and follow up resolution of the same.
• IT Risk assurance - Actively engaging in end-to-end risk remediation planning, resolution, and monitoring activities. (Patching, hardening, baseline controls for different OS and applications, application whitelisting etc)

Essential skills:

• Bachelor’s Degree in a related field
• 5 years progressive experience in a similar role in financial services
• Relevant professional requirements such as CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control (CRISC) CISA, CISM
• Working knowledge of UNIX and Windows, Firewalls, VPN, PKI, IPS, API’s, Oracle, MS SQL, Virtualization Security, Software programming skills
• Good communication and interpersonal skills
• Strong understanding of security governance, compliance, and risk management principles.
• Strong Project Management skills