Key Responsibilities

• Conduct periodic IT risk assessment to ensure all risks have been identified have been, brought to the attention of management and appropriate control measures implemented to mitigate risk.
• Provide information risk consultation and guidance during system, application development and e-product development to ensure that security concerns are fully addressed in the process.
• Conduct operating systems, application security including web application and database security risk assessment and report findings to management.
• Conduct logical and physical access control risk assessment to ensure systems security is not compromised.
• Be involved in periodic penetration testing to uncover any loopholes in the bank’s network.
• Review and accredit newly developed systems before deployment in live environment.
• Coordinate self-assessments, gap assessments, risk acceptance and other control related efforts with the business, controls and compliance functions
• Liaise with Risk Heads in subsidiaries with a view of ensuring that Group standards are met.
• Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with IT department on effective responses or control measures within subsidiaries.

The Person

For the above position, the successful applicant should have the following:

• A bachelor’s degree from a recognized university
• BSc (Computer Science) or related field
• Professional qualification/Certification in CISSP, CISA, CISM, CRISC.
• Master’s degree is an added advantage.
• 4 years’ work experience in the same or related role, with at least:
• 4 years’ experience in Information Technology (any domain).
• 2 years’ experience in Information Risk Management
• 2 years’ experience in Systems Audit.
• 1-year experience in Forensics is desired
• 2 years’ experience in Information Security
• 2 years’ experience in Change and Project Management.