Manager ICT Risk
Location | Kampala, Uganda |
Date Posted | July 23, 2025 |
Category | Banking IT / Information Technology Management |
Job Type | Full-time |
Currency | UGX |
Description

JOB DETAILS:
Job Purpose
The Information Communications Technology (ICT) Risk Manager will support the risk identification, assessment, and management process across all aspects of Information Technology for the business, while providing independent assurance to management that established controls are operating as intended to ensure compliance with regulations and established Bank policies and procedures.
Key Responsibilities
- Proactively enforce the IT Risk Policy to ensure compliance with standards and controls designed to mitigate identified risks.
- Timely execution of the allocated information risk management program components.
- Maintaining and updating IT Risk register including follow-up on closure of identified IT risk gaps.
- Review threat and vulnerability analysis reports of various bank assets and programs as per the bank’s ICT policy and procedures.
- Participate in the development and review of IT policies and procedures in compliance with regulatory requirements and industry best practices.
- Provide monthly/ad hoc reports to the Head of Risk on the status of IT risk management programs and initiatives.
- Conduct self-assessments, gap assessments, risk acceptance and other control related efforts with the business and other control functions.
- Keep the Head of Risk department up to date on the results of the risk assessments and make recommendations for mitigations, or projects, to protect systems or cover potential losses.
- Review application, product and system developments within the business and appraise the effect and appropriateness of planned changes to the existing control framework.
- Monitor regulations and technology trends to identify and analyze emerging IT risks.
- Oversee the information security awareness and sensitization activities for bank employees and customers.
Business Continuity Management
- Coordinate the development and implementation of business continuity/disaster recovery plan activities and threats to the systems.
- Conduct business impact analysis to ensure that key resources both tangible and intangible are adequately protected with proper security measures and controls.
Ad-hoc activities
- Stay knowledgeable of current advances in all areas of Information Technology concerning vulnerabilities, security breaches or malicious attacks.
- Perform any other duties as may be assigned from time to time
Desired Knowledge, Skills & Abilities:
- Must have a bachelor’s degree in either Information Technology, Mathematics, Computer Science, or a related field.
- Certified Information Systems Auditor (CISA) OR Certified Information Security Manager (CISM) OR CISSP certification. Understanding of quality control process.
- Minimum of 2 - 3 years' experience in the same role, in a similar environment with a consistently good performance record for the last 1 year.
- Good knowledge and understanding of IT and banking operations, processes, and regulatory requirements.
- Excellent inter-personal skills
- Self-motivated, intuitive, innovative, and creative.
- General knowledge of risks related to businesses and the industry.
- Ability to learn and easily adapt to changes in regulatory requirements, bank processes and procedures.
- Must be proactive and analytical, with critical thinking, attention to detail and problem-solving skills to quickly stop threats of significance to the institution.
- Ability to produce clear and concise reports to Senior Management.
- Plan, organize and prioritize own work schedule in conjunction with colleagues and under the direction of Head of Risk.
- Ability to deal with sensitive issues in a confidential manner.
- A good organizer who can prioritize and adapt to meet varied deadlines. Must easily adapt within a pressurized changing environment.
WARNING: Do not pay any money to get a job. Please report fraudulent jobs to info@everjobs.ug