Senior Manager, Regional Subsidiary Security Operations at Azenia

Job Responsibilities

Information Security Management

• Participate in planning business objectives.
• Coordinate the security risk program to set appropriate success metrics and consistently drive risk remediation across the region of responsibility.
• Identify, define, gather, and report cybersecurity risk metrics that are important to business leaders in collaboration with technical employees and other key stakeholders.
• Drive all risk program reporting for information security at all levels including executive levels.
• Develop and implement the next-level down risk management processes (process-level, asset-level (etc), including embedding risk assessments into existing country capabilities (architecture reviews, secure design, and system development)
• Develop and implement an information security awareness program for the bank that meets all industry regulations, standards and compliance requirements.
• Work with the GM Subsidiary Security Operations to continuously enhance Information Security at countries.

Information Security Operations

• Drive timeous remediation of audit findings and risks in the region.
• Assessment of requests for deviation from security policies.
• Assess vendors / partners against the bank’s 3rd party security policies and track closure of observations highlighted.
• Drive the coverage and compliance of various security tooling across the region.
• Monitoring, reviewing, and reporting various security log sources to identify risks and issues.
• Conducting and follow-up of hardening, vulnerability scanning and penetration testing for bank region-wide IT infrastructure.
• Partner with GIS colleagues and country resources to help drive a culture of security awareness and proactive risk identification and assessment.
• Provide data for decision support.

People Leadership

• Provide oversight and leadership to an information security team (including employees, contract personnel and/or vendor partners and their resources).
• Drive innovation activity as an outcome.
• Continuously identify resource capacity and skills and drive the recruitment and training of resources.
• Manage the performance of the personnel.

Relationship Management

• Partner with Enterprise Cyber Risk Management to ensure that information security risk processes are integrated with the ERM Program.
• Establish trusted relationships with information security and I.T in each country to anticipate their objectives and needs to better serve them.

Knowledge and Experience

• Bachelor’s Degree/Diploma/Certificate in Information Technology, Information Security/Assurance, Engineering or a similar area of study
• Relevant industry certifications (CISSP, CEH, CISA, CISM, etc.) will be advantageous.
• Minimum 10 years of experience in a business or technology environment.
• Project management experience will be advantageous.
• In-depth understanding of information security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. will be advantageous.
• Knowledge of industry-standard frameworks (ISO 27000, NIST, PCI DSS) will be advantageous.
• Ability to effectively provide a briefing to the business stakeholders regarding ongoing security incidents and threat levels.

Key Critical Competencies

• Experience with regulatory compliance issues.
• Excellent written and verbal communication ability.
• Aptitude for effectively conveying complex information.
• Ability to handle high-pressure situations with key stakeholders.
• Good analytical skills, problem solving and interpersonal skills.
• Ability to plan and manage complex, organization-wide programs.
• Ability to prioritize and consistently meet deadlines.
• Good research skills.
• Ability to work late on critical tasks and incidents when required.