Job Purpose Statement

The purpose of this role is to create and sustain a cohesive culture and approach to ICT Risks that gives assurance on the Bank’s ability to adapt, recover or mitigate the impact of Information and Cyber risks on its business, customers, employees, shareholders and other stakeholders

Key Accountabilities (Duties and Responsibilities)

  • Undertake risk assessments, analyse the effectiveness of technical and procedural control activities, and provide actionable recommendations to management.
  • Assess the Bank’s information and Cyber Security capabilities, operations and supporting technology controls to identify risks and recommend pragmatic risk mitigation measures.
  • Identify and assess business disruption risks and their impacts associated with current business practices and strategic plans.
  • Identify critical points of failure in the Bank’s ICT disaster recovery plans and recommend risk mitigation measures based on best practice standards.
  • Review and report on the residual ICT risks.
  • Review and improve the training and awareness programs for Information and Cyber Security in the bank.
  • Succinctly frame emerging threats and risk in alignment with the existing risk profile.
  • Distil complex risk, process and control relationships into simple dashboards/reports.
  • Demonstrate robust risk management oversight in supporting various internal assessments and regulatory examinations.
  • Support the development of the IT risk management practice, framework and methodologies.
  • Review, report and follow-up on closure of any noted gaps during the ICT risk assessments

Job Specifications

  • University Degree in a relevant field
  • Master’s degree will be an added advantage
  • Relevant certifications in Information Security and Risk Management knowledge areas such as CRISC, CISM, CISA, CISSP or equivalent.
  • At least 4 years’ experience in a similar role with exposure to Banking operations, Technology or Assurance functions.
  • Practical Knowledge of BOT guidelines on ICT Risk Management.
  • Practical Knowledge of risk and control frameworks and their application within the Financial Services industry