This position reports directly to the Manager ICT Risk and will be based at Head Office.

Role of the Job:

The ICT Risk Analyst will implement and maintain a comprehensive information risk management program. The Analyst shall define key risk indicators, risk registers, processes and standards aimed at optimizing information assets while mitigating associated and emerging exposures.

Key Result Areas:

• Continuously identify, assess, measure and monitor information technology risk by performing hands-on risk assessments.
• Identify and communicate recommended security and control deficiencies for business units and monitor the implementation of controls for applications, technologies & assets.
• Maintain assessment criteria of applications & systems for measuring compliance of company policies, procedures, standards, security training programs, technical infrastructure, applications and development efforts against defined internal compliance baselines.
• Work closely with Compliance to identify compliance baselines from legislative requirements and corporate objectives.
• Understand information security risks pertinent to the bank’s business goals and technology infrastructure and support an enterprise information security risk program to identify & assess and respond to risks.
• Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in-line with overall information security objectives and risk tolerance.
• Assist with assessments of vendors and business contracts for evaluation and tracking of risk changes.
• Analyze audit findings and assist in implementing audit recommendations.
• Support in the development of policies/standards/guidelines/best practices.
• Conduct periodic database security assessments and vulnerability scans to identify and remediate any weaknesses or vulnerabilities.
• Monitor and analyze database activities and user actions to detect and investigate any unauthorized or suspicious activities.
• Collaborate with database administrators and system administrators to implement secure configurations and hardening measures for databases.

Minimum educational and technical competence requirements:

• At least 2 years of professional experience in IT Risk management related position in a financial institution.
• Bachelor’s degree in Computer science, Information Systems, or any other related discipline from a recognized university.
• Possession of CISM, CRISC or CISA shall be an added advantage.
• Ability to exercise the highest level of integrity and confidentiality.
• Excellent communication skills.
• Self-driven, assertive, and pro-active.