Information Security Officer
Reports To: Head of IT
Department: Information Technology
Division: Business Support
Job Purpose Statement
The purpose of this role is to provide continuous independent assurance on the bank’s Information Security as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Information Security Policy and supporting procedures.
Key Responsibilities
- Implementation and evaluation of Technology Controls for the operating system, T24 application, database management system interfaces and the network.
- Improvement of Information Security Program Development, Management and Evaluation processes.
- Promotion of Information Security awareness within the organization through guidance, consulting and coordinating relevant programs to ensure an IS compliant culture.
- Information Security Program Development, Management and Evaluation.
- IS Guidance Consulting and Coordination.
Technology Controls Function
- Complete supervision of technology control function.
- Review of operating and information systems to ensure that they support business functions in a controlled manner, identify issues that represent risk to the business, report the findings, prepare audit reports for management information.
- Provide input for technology management to monitor and track issues until corrective actions are completed.
- Development of/involvement in independent review of technology related procedures, product programs to ensure that the appropriate infrastructure is incorporated into the different business initiatives and the bank technology policies are respected.
- Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with IT department on effective responses or control measures.
- Review of all relevant system logs to identify and address activity that is not consistent with set out Information Security guidelines and standards.
- Carry out Information Security reviews along the various phases of a project’s lifecycle as detailed in the bank’s Project Management framework to ensure that all delivered.
- Proactively enforce the IS Policy that will act as a springboard to exercise authority in ensuring compliance to standards and controls designed to mitigate identified business risks.
- Manage the implementation of IS into the day-to-day operations and culture of the Business.
- Work with business managers to develop IS practices into operational procedures based on the ISP&S and IS Guidelines.
- Review IS policies, standards, guidelines, and directives and communicate business position to unit head.
- Participate in formulation of Risk Acceptance requests.
- Identify key business contacts to ensure adequate coverage for the business’ Information Security program.
- Meet regularly with business and technology managers.
- Provide monthly reports to unit head on the status of Information Security programs and initiatives.
- Advocate to senior executive management, through the GM RMD, for their commitment to continuous Information Security Frameworks.
- Provide interpretation of the ISP&S to the Business.
- As principal advocate for Information Security Awareness in the bank, develop and monitor security awareness programs for all employees that communicate their role and responsibilities.
- Ensure information security solutions are consistent with the ISP&S and corporate architectural directions/directives and oversee deployment.
- Lead businesses in development of action plans as a result of gap assessment findings, and/or ethical hacking results.
- Provide guidance in resolving IS audit findings and lead the development of reports and corrective action plans.
- Coordinate self-assessments, gap assessments, risk acceptance and other control related efforts with the business, controls and compliance functions.
- Be aware of application, product and system development within the business and appraise the effect and appropriateness of planned changes to the existing control framework.
- Integrate the Information Security Review Process (ISRP) into all business development, acquisition and project management scenarios.
- Ensure that Information Security objectives are incorporated into all application, product, system and services lifecycles.
- Evaluate impact of business change/reengineering efforts on information security controls.
- Maintain a relationship with internal and external auditors to guide their activities and also support the implementation of agreed corrective actions.
- Attend relevant training on emerging trends and practices within the IS field.
- Network within the profession and relevant associations to keep abreast with industry
- Reference relevant professional institutions, e.g. COBIT, ISO 17799, ISF’s Standards of Good Practice, to enable the bank to achieve world-class information security practices.
- Knowledge and good understanding of Information Security and control objectives.
- Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.
- Appreciation of Audit methodologies.
- Fair understanding of Information Systems architecture and operational practices.
- Familiarity with Computer Aided Audit Tools.
- Good written and oral communication skills for effective audit report writing and presentations.
- Performance management to optimize personal productivity.
- Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or benchmarks.
- Self-management to enable development of open communication, teamwork and trust that are needed to support true performance and customer-service oriented culture.
- Personal motivation and drive exhibited through commitment to work hard towards goals and showing enthusiasm and career commitment.
- Undergraduate degree in Computer Science/Information Technology – Minimum Upper 2nd Class honors or 3.0 GPA.
- Minimum 6 years working experience in a busy IT environment.
- Experience of working in the IT function within a banking environment will be an advantage.
- Certified Information Systems Auditor certification.
- Understanding of quality control process.
If you feel that you are up to the challenge and possess the necessary qualification and experience, please send your resume and application letter indicating your experience and why you are the most suitable candidate for the role, quoting the Job Title as the subject of your email, to: jobs.cba@cbagroup.com by 2/3/2013.
Only shortlisted candidates will be contacted.
We are an equal opportunity employer, and do not ask individuals to supply funds as part of the recruitment process.
Information Security Officer at CBA Bank