- Supervises and participates in the implementation of information security policies, procedures, standards and guidelines across all divisions and subsidiaries by:
  - Delivering security training and other educational activities.
  - Monitoring compliance with, and reporting breaches of, established security and IT policies, procedures, standards and guidelines.
  - Tracking and preparing periodic status reports on the implementation of information security policies, procedures, standards and guidelines.
- Leads IT Division officers and other officers of the bank involved in security administration duties by:
  - Guiding and monitoring their daily security administration activities.
  - Ensuring that their activities comply with established information security policies, procedures, standards and guidelines.
- Participates in the evaluation and selection of IT applications and infrastructure by evaluating their adherence to information security policies and standards.
- Participates in the analysis, evaluation and selection of appropriate security technology which protects the bank’s information assets against unauthorized access, modification, and destruction, and safeguards their availability.
- Supervises the implementation and testing of information security-related infrastructure and systems and provides guidance in:
  - Analyzing system and information security against bank requirements and promoting configurations that meet these requirements.
  - Ensuring recommended enhancements or changes to the production environment conform to specifications and established security standards.
- Leads the investigation and resolution of information security incidents and intrusions.
- Coordinates and conducts periodic threat and vulnerability assessments on the bank’s information systems and infrastructure.
- Conducts IT risk assessments covering the areas of IT governance, information security, IT support and operations, IT system development, IT change management, disaster recovery, people and third-party risks in accordance with the established risk management framework.
- Analyzes and reports findings from the IT risk assessments and tracks remediation of issues identified.
- Coordinates tasks for the periodic IT risk assessments, including preparation of questionnaires, selection of respondents, collation and analysis of responses, empirical verification of identified risks, reporting of findings, documentation and follow-up on action plans.
- Provides technical leadership and support for junior members of the information security team by guiding and monitoring the activities of the team, preparing periodic status reports on projects and engagements, and developing detailed implementation activity schedules for completing security infrastructure upgrades.