Latest Recruitment at HF Group

Principle Accountabilities

• Maintain an information system log register that is aligned to OEM and industry standards on security events logging.
• Maintain a business use case register that is used to configure correlation rules in the various Cybersecurity monitoring tools.
• Maintain an alert/exceptions report register that captures the items to be reported based on business use cases, frequency, the recipients etc.
• Monitor for attacks, intrusions and unusual, unauthorized or illegal activity.
• Monitor and respond to 'phishing' emails and 'pharming' activity.
• Monitor identity and access management, including monitoring for abuse of permissions by authorized system users.
• Use advanced analytic tools to determine emerging threat patterns and vulnerabilities.
• Engage in system security testing/'ethical hacking' – this includes simulating security breaches.
• Investigate security alerts and provide incident response.
• Generate reports for both technical and non-technical staff and stakeholders.
• Test and evaluate security controls in new and existing business products.
• Provide first-line support for all key cybersecurity systems/tools – including NAC, Anti-Virus/DLP, Content Filters, PAM, MFA, DAM, SIEM, FIM etc.
• Maintain an inventory of system users with their roles ensuring compliance with documented policies and procedures.
• Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
• Liaise with stakeholders in relation to cyber security issues and provide future recommendations.
• Keep up to date with the latest security and technology developments.
• Research/evaluate emerging cyber security threats and ways to manage them.

Key Competencies and Skills

Technical Competencies

• Vulnerability/Penetration testing skills of applications and infrastructure.
• Social engineering skills.
• Security assessments of network infrastructure, hosts and applications.
• System audit/risk assessment skills.
• Forensics – investigation and analysis of how and why a breach or other compromise occurred.
• Troubleshooting skills.
• Knowledge of the following technology controls: - Data Loss Prevention, Anti-Virus/Anti-   malware, Database Activity Monitoring, SIEM, IDS/IPS, Mail/Web filters, Vulnerability Management system, File Integrity Monitoring, Network Access Control, Privileged Access Management, Mobile Device Management, Multi-Factor Authentication etc.
• TCP/IP, computer networking, routing and switching – an understanding of the fundamentals: the language, protocol and functioning of the internet.
• Appreciation of ISO27001 and PCI-DSS standards.
• C, C++, C#, Java or PHP programming languages.
• Cloud computing security.
• Windows, UNIX and Linux operating systems, on which most of the business world runs.

General competencies

• Excellent report writing and communication
• The ability to work well independently or within a team
• Capable of meeting deadlines
• Demonstrate Integrity and Professionalism

Minimum Qualifications, Knowledge and Experience

Qualifications- Academic and Professional

• Undergraduate degree in Computer Science /Information Technology or related field
• Certification in network administration and security such as CCNA
• Certified Ethical Hacker
• Certification in a system audit or information security related area, such as ISO/IEC 27001 Lead Auditor, CISA, CISM or CISSP

Experience

At least 3 years’ experience working either in a busy ICT environment or as consultant handling the following:

• System logging and monitoring
• Vulnerability assessment and Penetration testing
• Malware analysis
• Reverse engineering and exploit research
• Cyber threat intelligence
• Cybersecurity incident response
• Digital forensics/cyber-crime investigation
• System user access management
• Support/administration of Cybersecurity tools

go to method of application »

Principle Accountabilities

• To provide leadership in the planning, development and implementation of operational risk frameworks/measurement methodologies, policies, standards and procedures aligned with the Bank's Operational Risk Program
• Prepare various Management and Committee reports to communicate the effectiveness of operational risk controls, issues and recommendations to mitigate risk/loss events
• Contribute to the development of new, or enhancement to existing risk management policies and tools
• Lead and co-ordinate the investigations of process events
• Maintain operational loss events data and monitor trends
• Investigate root causes of operational risk incidents and provide support to mitigate the identified risks.
• Coordinating the implementation of Risk & Control Self-Assessment (RCSA) framework and Key Risk Indicators (KRIs) across the various Business and Support units
• Participate and contribute to success of new products, projects or developments through active guidance role on Operational Risk matters.
• In collaboration with relevant stakeholders, develop and implement an extensive staff training plan and awareness program to promote a strong culture of sound risk management and compliance within business and support units.
• Performing independent reviews on adequacy of operational risk management controls, observance of regulatory requirements and highlight exceptions or control deficiencies.
• Custodian of all Bank policies and operational procedures. Maintain a schedule of policy and operational procedure reviews to ensure adequacy.
• Drive adherence of set SLAs in issuing feedback to stakeholders.
• Reduction in the impact and frequency of operational risk incidents within the bank leading to minimized unexpected operational loss data.
• An appropriate compliance risk rating by regulatory authorities.
• Appropriate regulatory, external audit, internal audit ratings on operational risk management.
• Continuously reviewing and improving the operational risk management framework and processes.
• Incorporating feedback and lessons learnt from incidents into risk management practices.
• Collaborating with other department, such as IT, audit and finance, to ensure a holistic approach to risk management.

Key Competencies and Skills

Technical Competencies

• Strong leadership and management skills
• Knowledge of BASEL compliance frameworks
• Knowledge of Bank’s operations, processes, policies standards and procedures.
• Knowledge of the regulatory environment and the Governing Acts, CBK Prudential and Risk Management Guidelines.
• Ability to understand and document workflows and business processes
• Strong analytical and monitoring skills
• Good report writing and presentation skills.

General Competencies

• Communication skills
• I.T. Skills (Ms office)
• Creativity
• Team player
• High levels of professionalism and professional development.
• Honest with impeccable integrity (high ethical standards)

Minimum Qualifications, Knowledge and Experience

Qualifications: Academic and Professional

• Degree in Commerce, ICT, Finance, Banking or a related field.
• Professional qualifications in the fields of Risk Management, and Compliance.

Experience

• Minimum 8 years related working experience with at least 5 in enterprise risk environment and in operational risk execution.