Manager – Information Security
Description
ABOUT THE COMPANY

To be the preferred bank to our chosen market.

JOB SUMMARY

Minimum Requirements: Work Experience, Academic and Professional Qualifications

- Bachelor’s degree in Information Systems, Computer Science, Information Security or any related field from a recognized and accredited institution.
- At least eight (8) years’ experience in information security, risk management and governance, with at least three (3) years conducting compliance assessments, implementing IT controls, cyber security management etc.
- Certified in information security knowledge areas, such as an ISACA-related certification (e.g. CISM/CISA), Certified Ethical Hacker, Licensed Penetration Tester amongst others, from a recognized and accredited institution.
- In-depth knowledge of information security governance frameworks such as ISO 27001/2, PCI DSS, NIST, OWASP etc.
- Knowledge of authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM).
- Good knowledge of the local and regional regulatory and statutory information security and risk management, cyber security and data protection requirements, and good/best industry practices.
- A good understanding of banking and/or financial services operations, processes and practices.

Competencies and Attributes

- Driven by results and business outcomes.
- A good understanding of business principles and industry and market trends.
- Critical thinker: objective analysis of information, consideration of multiple perspectives, etc.
- Ability to analyze and define a problem, evaluate alternatives, find efficient solutions, and make optimal desirable choices/decisions.
- Goal oriented: setting clear objectives and actively working to achieve them.
- Strong planning, organization and self-management.
- Continuous professional learning: ability to continuously acquire knowledge and keep up to date with current happenings and new industry developments.

RESPONSIBILITIES

- Develop and implement the Bank’s information security strategy, framework and policies, and liaise with the Head of Enterprise Risk to ensure full alignment with the Bank’s Enterprise Risk Management Framework and Governance, business goals and group requirements.
- Drive and ensure the full implementation of all technology control systems and continuously monitor them against business requirements, identified and reported incidents and good practices to ensure that they remain relevant and robust.
- Design and put in place an appropriate information security architecture and coordinate reviews to assess data losses and breaches, and prioritize solutions and actions to minimize and mitigate business threats and risks.
- Develop and implement information security risk assessments and penetration testing schedules and procedures, and ensure these are undertaken as required to identify and remediate vulnerabilities.
- Lead in the implementation and continuous moni
Skills