Senior Manager Information Security job at KCB Bank

KEY RESPONSIBILITIES:

Cybersecurity Program Development and Enforcement

Develop, implement, and monitor the Bank’s cybersecurity program in alignment with industry standards and regulatory requirements.

Oversee and implement the Bank’s cyber and technology policy to ensure compliance with regulatory and institutional standards for data protection, cybersecurity controls, and incident response.

Regularly review and update the cybersecurity program and policies to reflect the latest threat intelligence, industry trends, and regulatory requirements.

Comprehensive Asset and Infrastructure Management

Ensure that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: software and hardware asset inventory; network maps (boundaries, traffic and data flow); and network utilization and performance data, to ensure complete visibility over information resources.

Oversee the continuous management of software and hardware asset inventories, network maps, and performance data to prevent unauthorized access and identify vulnerabilities.

Implement continuous monitoring and risk-based auditing of information assets and network infrastructure, ensuring a robust security posture across all systems.

Alignment with Strategic and Operational Objectives

Ensure the Bank’s information systems and cybersecurity initiatives align with business strategies, risk appetite, and ICT risk management policies.

Develop and implement user-centric security controls designed to meet the needs of internal users (management and staff) and external stakeholders (contractors, partners, and service providers).

Collaborate with executive management to ensure the ICT strategy, including information systems and cybersecurity measures, supports the Bank’s overall business strategy and regulatory obligations.

Risk Assessment, Incident Detection, and Response

Ensure that regular, comprehensive cyber risk assessments are conducted, applying best practice and industry standards to evaluate emerging threats and vulnerabilities in the IT environment.

Establish processes for proactive monitoring and timely detection of cyber and technology events or incidents, with a robust incident response plan in place.

Regularly update the incident response mechanism and Business Continuity Plan (BCP), incorporating scenario analyses to evaluate potential material cyber-attacks and identify control gaps.

Policy Compliance, Exception Management, and Reporting

Review and assess risks related to any deviations or exceptions to approved cyber and technology policies, obtaining senior management approval as needed.

Report to the Executive Leadership and the Board at an agreed interval, but not less than once per quarter, on the following: assessment of the confidentiality, integrity and availability of the information systems in the institution; detailed exceptions to the approved cyber and technology policies and procedures; assessment of the effectiveness of the approved cybersecurity program; and all material cyber and technology events that affected the bank during the period.

Ensure prompt periodical reporting to the regulator as required by relevant regulations.

Regularly re-evaluate exceptions to ensure residual risks remain within acceptable thresholds as determined by the institution and regulatory bodies.

Cybersecurity Training and Workforce Development

Lead the organization of professional cybersecurity-related training for Bank employees to enhance technical proficiency, ensuring alignment with the best practice standards and regulation.

Cultivate an institution-wide cybersecurity culture that promotes awareness and best practices, engaging staff at all levels on the importance of security compliance and vigilance.

Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.

Cybersecurity Monitoring, Incident Detection, and Business Continuity

Implement continuous monitoring mechanisms for IT systems to detect cyber incidents promptly and ensure frequent data backups to secure storage for data integrity and accessibility.

Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.

Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.

Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.

Ensure frequent data backups of critical IT systems (e.g. real-time backup of changes made to critical data) are carried out to a separate storage location.

Data Integrity, Confidentiality, and Availability

Safeguard the confidentiality, integrity, and availability of information assets by implementing robust security controls, regularly assessing their effectiveness, and adapting to emerging threats.

Manage and lead a team of security professionals. Coach and mentor team members, ensuring capabilities as a team.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

a) Academic and Professional Certifications

Detail | Specific Field or Qualification | Need Type

Bachelor’s Degree | Information Security, Computer Science, or a related field. | Required

Professional Qualifications | Advanced certifications such as CISSP, CISA, CISM or CRISC, or equivalent, are highly desirable. Certifications in CCSP, CCNA & SSCP (familiarity with applicable regulations, e.g. GDPR, ISO 27001, Cyber security guidelines) is a plus. | Required

Master’s Degree | Information Security, Computer Science, or a related field. | Added Advantage

b) Experience

Minimum of 5 years' experience, preferably in:

Managing high-performing information security teams within a Regulated Financial Institution

Designing & overseeing security policies, procedures & governance frameworks

Familiarity with various network and database monitoring tools.

Familiarity with applicable regulations (e.g. GDPR, ISO 27001, Cyber security guidelines)

Governance controls and Risk management

Deep understanding of cybersecurity principles, frameworks, and banking regulations

Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies


Vacancy title:
Senior Manager Information Security

[Type: FULL_TIME, Industry: Banking, Category: Management, Computer & IT, Business Operations]

Jobs at:
KCB Bank

Deadline of this Job:
Tuesday, December 16 2025

Duty Station:
Uganda | Kampala | Uganda

Summary
Date Posted: Tuesday, December 9 2025, Base Salary: Not Disclosed


Work Hours: 8

Experience in Months: 12

Level of Education: bachelor degree
