JOB DETAILS:

PURPOSE OF THE ROLE

To assume a pivotal role in safeguarding BUBL’s digital assets, emphasizing the preservation of confidentiality, integrity, and availability of information. This role encompasses the evaluation, analysis, and mitigation of ICT-related risks, along with the formulation and execution of robust risk management strategies and policies.

MAIN JOB RESPONSIBILITIES

Conduct comprehensive risk assessments:

• Assess and analyse the bank’s ICT systems, applications, and processes to identify vulnerabilities and potential risks.
• Regularly review bank’s systems and banking application user rights and develop/update user right matrices.
• Maintain criteria for assessing applications and systems to measure compliance with company policies, procedures, standards, security training programs, technical infrastructure, and development efforts against internal compliance baselines.

Evaluate and enhance risk management processes:

• Analyse existing ICT risk management processes and recommend improvements to ensure a clear separation of operational and compliance responsibilities.
• Collaborate with IT teams to assess and evaluate new technologies, systems, ICT projects, IT vendors and applications for potential risks and vulnerabilities.
• Analyse database activities and user actions to detect and investigate any unauthorized or suspicious activities.
• Review the implemented security controls and hardening measures for database systems.

Training and awareness:

• Conduct training sessions for staff, emphasizing ICT risks and mitigation measures related to operations, strategy, and compliance.
• Policy and guideline development:
• Develop and implement ICT risk management policies, procedures, and guidelines to ensure compliance with regulatory requirements and industry best practices.
• Assist with assessments of vendors and business contracts for evaluation and tracking of risk changes.

e)     Incident monitoring and reporting:

• Review and analyse security incidents, conduct root cause analysis, and recommend corrective actions to prevent future occurrences.
• Prepare and present detailed reports on ICT risk assessments, incidents, and mitigation strategies to senior management and stakeholders.

Governance and Compliance:

• Monitor ICT activities to ensure adherence to set policies, procedures, and guidelines governing risk identification, assessment, control, and overall risk management processes.
• Work closely with Compliance to identify compliance baselines from legislative requirements and corporate objectives.
• Analyse audit findings and assist in implementing audit recommendations.

REQUIRED QUALIFICATIONS AND SKILLS

• Bachelor’s Degree: Typically, in a relevant field such as Computer Science, Information Technology, Cybersecurity, or Business with a strong IT focus.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC) is an added advantage.

KNOWLEDGE, SKILLS & COMPETENCES

• IT Knowledge: A solid understanding of information technology systems, networks, and infrastructure is essential.
• Cybersecurity: Proficiency in cybersecurity principles, threats, and best practices is crucial.
• Risk Assessment: The ability to identify and assess IT-related risks and vulnerabilities.
• Compliance: Understanding and ensuring compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001).
• Data Analysis: Analyzing data to identify trends, patterns, and anomalies that may indicate potential risks.
• Interpersonal Skills: Effective communication with team members, management, and other stakeholders.
• Reporting: The ability to communicate risk assessments and recommendations clearly and concisely to non-technical stakeholders.
• Problem-solving skills: The ability to respond effectively to IT security incidents and breaches.
• Industry Knowledge: Familiarity with industry-specific IT risks and regulations (e.g., healthcare, finance, government) can be advantageous.
• Team Player: Collaboration with cross-functional teams, including IT, legal, compliance, and management, is often required to address IT risks effectively.