Report to Head Information Technology Department QUALIFICATION: A first degree in Computer Science, Information Technology, and related disciplines (Computer Engineering, Computer with Economics/ Mathematics, Management Information Systems, and Electrical/Electronic Engineering and any other Engineering Courses is required. A post graduate degree in any related discipline is required.
PROFESSIONAL MEMBERSHIP: Any of NCS, CPN, NIM, PMI or ISACA preferred.
PROFESSIONAL CERTIFICATIONS: Any of ITIL Manager; CISSP - Certified Information Systems Security Professional, SSCP – Systems Security Certified Practitioner, CIPP - Certified Information Privacy Professional, CISM - Certified Information Security Manager, CRISC - Certified in Risk and Information Systems Control, Certified Security Analyst & Licensed Penetration Tester
EXPERIENCE LEVEL: Management- Minimum of 15 years working experience in IT, of which at least 7 years should be at management level. Experience in IT security management is required.
Good knowledge and familiarity with leading practices in security standards/frameworks
Good knowledge of security issues relating to key platforms.
In-depth knowledge of Threat and Vulnerability Management, Penetration Testing, antivirus solutions and end point protection
Understanding of operating systems
Adequate knowledge of integrated business applications software such as Enterprise-wide applications
Adequate knowledge of information and knowledge management
Adequate knowledge of Contract management, Budget, and cost management and Quality control
PRIMARY RESPONSIBILITIES:
Implementation of Unit's mandate
Ensures the implementation of the Unit’s work plan.
Ensures timely rendition of Unit’s deliverables.
Manages the Unit performance.
Implementation of policy and standards
Defines and implements the policies and standards for a secure IT environment in accordance with the NIRSAL MFB’s Corporate Security strategy and international standards (ISMS, International Security Management System Framework e.g., ISO/IEC 27001, 27002)
Defines and implements the security reporting infrastructure.
Enforces compliance with auditing of security policies and procedures.
Plans and budgets for the implementation of security policies and procedures.
Assists in driving architectural improvements and standardization for the IT Security environments, including the definition of security policies & standards, security infrastructure & systems (e.g., firewalls, intrusion detection/prevention systems etc.)
IT security management
Provides the technical support and knowledge to include the security components in the Enterprise Architecture.
Identifies protection goals, objectives, and metrics consistent with corporate strategic plan.
Works with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Oversees security incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches, as necessary.
Oversees activity of external consultants as appropriate for independent security / vulnerability testing.
Manages the review of security SLA with users and vendors.
Oversees vendors who assist to safeguard the Bank’s assets, intellectual property, and computer systems.
Leadership and management
Provides leadership and direction for the Unit.
Provides oversight and management for Unit’s budget and general administration.
Provides mentoring and coaching for the staff of the Unit.
PERSONALITY: energetic, driven, adaptable, able to work with no supervision, team spirit, proven leadership and problem-solving skills, willingness to relocate.
