Chief Information Security Officer

Full Job Description

• Develop and implement the company‘s Cyber Security program and enforce the security policy.
  
• Ensure that the company maintains a current enterprise—wide knowledge base of its devices. applications. and their relationships, including but not limited to:1. Software and hardware asset inventory 2.Network maps fincluding boundaries. traffic, and data flow and 3. Network utilization and performance data.
  
• Ensure that information systems meet the needs at the company and the ICT strategy. in particular information system development strategies, comply with the overall business strategies, risk appetite, and lCT risk management policies of the institution.
  
• Design Cyber Security controls with the consideration of users at all levels of the organization, including internal (ie. management and staff) and external users {i.e. contractors/consultants. business partners, and service providers].
  
• Organize professional cyber—related training to improve the technical proficiency of staff.
  
• Ensure that regular and comprehensive cyber risk assessments are conducted.
  
• Ensure that adequate processes are in place for monitoring IT systems to detect Cyber Security events and incidents on time.
  
• Report to the CEO / CRO on an agreed interval but not less than once per quarter on the following:1. Assessment of the confidentiality, integrity, and availability of the information systems in the Bank. 2 Detailed exceptions to the approved Cyber Security policies and procedures 3. Assessment of the effectiveness of the approved Cyber Security program 4. All material Cyber Security events that affected the company during the period.
  
• Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
  
• Incorporate the utilization of scenario analysis to consider a material cyber—attack. mitigating actions. and identifying potential control gaps.
  
• Ensure frequent data backups of critical lT systems (eg. real-time backup of changes made to critical data) are carried out to a separate storage location.
  
• Ensure the roles and responsibilities at managing cyber risks including in emergency or crisis decision-making, are clearly defined, documented, and communicated to relevant staff.
  
• Continuously test disaster recovery and Business Continuity Plans [BCP] arrangements to en5ure that the company can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber— crime.
  

• University degree Computer Science and other lCT related courses.
  
• Certified information Security Manager {ClSM}
  
• Certified Information Systems Security Professional {ClSSP}
  
• At least 5 years working experience in Business/IT Applications support
  
• Familiarity with service delivery culture and support function.
  
• A structured approach to dealing with complex and variable work environments in an independent manner.
  
• Ability to balance opposing business requirements.
  
• Ability to balance long term and short term requirements independently
  
• Strong evaluation. communication and reporting skills
  
• Able to provide advice and cause/effect evaluation to support business decision making
  
• lndependent and logical thinker, yet an achiever and implementer
  
• Strong ethic.