ICT Risk Officer

The ICT Risk Officer (internally referred to as the IT Security Manager) is responsible for developing, implementing, and managing the bank’s information security strategy to protect systems, networks, and data. The role ensures alignment with the bank’s risk management framework, regulatory requirements, industry best practices, and group-wide standards.

Responsibilities

Information Security Strategy & Governance

• Develop and implement the bank’s information security strategy aligned with enterprise risk management.
• Establish security policies, standards, and procedures.
• Ensure compliance with regulatory requirements, including central bank regulations and data protection laws.
• Report on the security posture and associated risks to senior management and risk committees.

Risk Management

• Identify, assess, and mitigate IT and cybersecurity risks.
• Conduct regular risk assessments and vulnerability analyses.
• Integrate IT security into the bank’s overall risk management framework.
• Maintain risk registers and track remediation actions.

Security Operations & Incident Management

• Oversee security operations, including monitoring, detection, and response.
• Lead incident response and the investigation of security breaches.
• Ensure timely resolution and reporting of incidents.
• Coordinate disaster recovery and business continuity planning.

Compliance & Audit

• Ensure compliance with standards such as ISO 27001 and PCI DSS.
• Coordinate internal and external security audits.
• Address audit findings and implement corrective actions.

Security Architecture & Controls

• Design and implement secure IT infrastructure and systems.
• Manage identity and access management (IAM), encryption, and network security controls.
• Oversee third-party and vendor security risk management.

Awareness & Training

• Promote security awareness across the bank.
• Conduct training programs on cybersecurity best practices.
• Foster a culture of security and risk awareness.

Key Performance Indicators (KPIs)

• Reduction in security incidents and vulnerabilities.
• Positive compliance audit results and regulatory adherence.
• Efficiency in incident response time and resolution.
• Effectiveness of risk mitigation strategies.
• User awareness and training completion rates.

How to Apply

Interested and qualified candidates should apply online via the provided application link or visit the official website.