This job is expired
HRC Associates

Chief Information Security Officer (RFHL)


  • Port-of-Spain
  • Not disclosed
  • Permanent full-time
  • Updated 13/07/2023
  • HRC Associates

Our Client, Republic Financial Holdings Limited (RFHL), is seeking to fill the position of Chief Information Security Officer (CISO).

Position Overview:

The CISO will have a specific mandate to enhance various aspects of RFHL’s cybersecurity program. The CISO will be responsible for developing and implementing a comprehensive cybersecurity program that supports the bank’s digital ambitions while safeguarding its legacy systems. The CISO’s expertise in securing digital environments and managing complex legacy infrastructures will be crucial in driving the organization’s digital transformation securely and mitigating associated cyber risks.

  

Responsibilities:

  • Legacy System Security:
    • Assess the security posture of the bank’s systems and infrastructure, identifying vulnerabilities and risks.
    • Develop strategies and roadmaps to enhance the security of systems, including securing data transfers, hardening configurations, and implementing access controls.
    • Collaborate with IT teams to prioritize and implement security improvements within the constraints of the bank’s systems.
    • Ensure that security requirements are documented, kept up to date, and implemented when evaluating vendor software and in the institution’s own SDLC, so that new vulnerabilities are not introduced.
  • User Access and Authentication:
    • Assess and enhance user access and authentication processes and tools to strengthen security controls.
    • Implement multi-factor authentication (MFA) and other strong authentication mechanisms where applicable.
    • Ensure appropriate access controls, segregation of duties, and least privilege principles are followed.
  • Cybersecurity and Privacy Awareness:
    • Develop and deliver comprehensive cybersecurity and privacy awareness programs for employees at all levels.
    • Conduct regular training sessions, workshops, and awareness campaigns to educate employees on best practices and emerging threats.
    • Promote a culture of security and privacy awareness throughout the organization.
  • Vulnerability and Patch Management:
    • Establish and enhance vulnerability and patch management frameworks and processes.
    • Implement tools and technologies to scan for vulnerabilities, prioritize remediation efforts, and track patching progress.
    • Collaborate with IT teams to ensure timely and effective patching of vulnerabilities across systems and applications.
  • Cybersecurity Testing:
    • Enhance cybersecurity testing capabilities, including penetration testing, vulnerability scanning, and security assessments.
    • Conduct regular security assessments to identify weaknesses and gaps in the bank’s systems, networks, and applications.
    • Coordinate with internal or external resources to perform comprehensive penetration tests to identify potential vulnerabilities and risks.
  • Incident Response and Security Operations Center (SOC):
    • Establish and lead a Security Operations Center (SOC) to improve incident response capabilities.
    • Develop and maintain an incident response plan, including clear escalation and communication protocols.
    • Define procedures for identifying, responding to, and recovering from security incidents in a timely and effective manner.
  • Compliance and Regulatory Requirements:
    • Establish and maintain a governance framework for cybersecurity that covers digital transformation initiatives and legacy systems.
    • Ensure compliance with relevant cybersecurity regulations, industry standards, and best practices.
    • Stay up to date with changing regulatory requirements and industry trends related to cybersecurity and privacy.
    • Collaborate with legal and regulatory teams to address any compliance issues and ensure alignment with regulations.
    • Ensure the company's data privacy is protected and the privacy program meets applicable regulatory requirements.
  • Cybersecurity Architecture and Technologies:
    • Design and implement a robust cybersecurity architecture that supports the bank’s digital initiatives.
    • Evaluate and select appropriate security technologies and solutions, including next-generation firewalls, intrusion detection systems, identity and access management tools, and encryption mechanisms.
    • Ensure the integration and interoperability of security solutions within the existing IT landscape.

  

Qualifications and Experience:

  • Bachelor’s Degree in Computer Science, Information Security or related field; or professional qualifications such as CISSP, CISM, or CISA.
  • A Master’s degree in Computer Science, Information Security or related field would be ideal.
  • Extensive experience (minimum 10 years) in information security, with a focus on the areas outlined in the job description.
  • Strong knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST Cybersecurity Framework, ISO 27001, etc.).
  • Experience in enhancing user access and authentication processes, conducting awareness training, managing vulnerabilities, and establishing a SOC.
  • Experience with defining and implementing security capabilities for cloud-based technologies, including defining and implementing a shared security responsibility model.
  • Experience in dealing with and managing third-party security providers.
  • Familiarity with incident response procedures and security operations center operations.
  • Excellent leadership, communication, and interpersonal skills, with the ability to collaborate and influence stakeholders at all levels.

   

We wish to thank all applicants for their interest; however, only those favourably considered will be contacted.

Ref: Chief Information Security Officer