Key Result Areas:
- Proactively identify and evaluate IT and cyber security threats to the Bank’s information assets and their mitigating controls while considering the current risk appetites to reduce the impact and probability of occurrences of threats applicable to the organization at an acceptable level.
- Regularly report on the Bank’s ICT risk profile and progress made to reduce ICT risk levels to an acceptable threshold.
- Continuously review the system of identification, assessment and monitoring of IT, cyber and data protection risk exposures in the Bank and make relevant recommendations for changes to the bank’s risk management framework with a view to either preventing those threats or being prepared to take remedial actions when faced with them.
- Conduct regular system user access reviews on all critical bank IT systems and as prescribed in the bank’s risk management program and advise on exceptions noted.
- Provide advice and follow up on the implementation of IT, cyber security and data protection controls in new business propositions through participation in the process of implementation of IT related projects and initiatives.
- Continuously assess the bank’s ICT security risk awareness program and ascertain that it considers all requirements, expectations and prevailing IT security threats to ensure that all system users are aware of appropriate security behaviors.
- Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
- Deliver training across all business units to staff members who are involved in data handling or processing.
- Proactively review and monitor management of a Bank-wide map (cartography) of the storage areas and flows of sensitive data with a view to appropriately securing them in line with relevant policies.
- Continuously review and offer assurance on the effectiveness of the bank’s IT disaster recovery plan.
- Review the bank’s ICT incident response plan and monitor implementation of the same for each relevant event/incident to provide assurance on the plan’s adequacy and effectiveness.
- Perform the post-mortem analysis or investigations of all security issues, reported, discovered or otherwise to define and incorporate lessons learnt to enhance the bank’s capabilities to proactively protect the information assets of the organization.
- Conduct objective, fair and timely cybercrime investigations, either independently or as part of a team, whenever required, in accordance with the bank policy and best practice; provide accurate reports to line management and follow up on implementation of recommendations made.
Stakeholder Management
- Promote a strong cyber risk aware culture by coordinating the implementation of the bank’s Cyber Risk Management Framework and provide regular reports to the Management Risk Committee regarding the bank’s IT and Cyber risk profile.
- Perform risk assessments on existing and/or prospective bank IT products, services, projects, vendors and new markets as and when required and monitor the implementation of plans and movement of the risks.
- Provide timely and accurate ICT and Cyber risk information to external and internal stakeholders as and when required.
- Advocate and support the culture of informed IT and Cyber risk-taking and heighten awareness on emerging cyber risks and necessary controls required to proactively safeguard the bank’s assets.
- Establish a high level of trust and credibility by building and maintaining relationships as the key risk assurance partner to the bank’s IT department.
- Effectively lead team members, whenever appointed, to encourage maximum performance in line with the performance management guidelines, HR policies and programs.
- Be a role model and promote the Bank’s organizational culture by creating a positive impact at every touch point with people through actions and inactions.
Qualifications & Experience
- Bachelor’s Degree in Computer Science/IT or related field from a recognised university.
- IT Security related Certifications and/or IT Security postgraduate education is an added advantage.
- At least three (3) years of IT and cyber risk assurance experience.
- At least two (2) years’ experience supporting implementation and/or managing of complex IT security projects is required.
Personal skills and abilities
- Ability to identify, analyze, and evaluate IT risks
- Understanding of IT infrastructure, cybersecurity trends, and emerging technologies
- Ability to communicate complex IT risks to non-technical stakeholders
- Critical thinking and problem solving
- Relationship building skills
- Ability to plan risk management approaches
Opportunity Bank is an equal opportunity employer. All qualified candidates are encouraged to apply, regardless of disability, gender, marital status, religion and ethnicity.