The IT Security Risk Manager is responsible for all cybersecurity and compliance related activities. This role interacts with the IT team, various business units and stakeholders to enhance, execute and maintain Cybersecurity Governance and Compliance programs, ensuring proactive management of policy alignment, audits/assessments, and cybersecurity risks to the bank.
Key Responsibilities:
Risk Assessment: Conduct regular security risk assessments to identify potential vulnerabilities, threats, and risks to the organization’s IT infrastructure and data.
Incident Response: Lead the development and implementation of incident response plans to quickly and effectively address security breaches and minimize their impact.
Vendor Risk Management: Evaluate third-party vendors and service providers to ensure they adhere to the organization’s security standards and mitigate associated risks.
Monitoring and Reporting: Monitor security risks and incidents, producing regular reports for senior management and providing recommendations for further actions.
Risk Governance: Collaborate with executive leadership to establish governance frameworks and risk appetite, aligning security strategies with business objectives.
Continuous Improvement: Stay informed about emerging cybersecurity trends, threats, and technologies, adjusting the organization's risk management strategy accordingly.
Compliance
• Carry out internal audits such as regular access rights reviews on critical systems and sample checks on Planned Preventative Maintenance activities (PPMs).
• Identify and recommend improvement opportunities such as automating and monitoring of compliance processes.
• Ensure that all bank staff adhere to the Information Security Policy and the Acceptable Use Policy.
• Ensure appropriate administrative, physical and technical controls are in place to protect from internal and external threats.
• Conduct periodic reviews and risk assessments to determine the extent to which key business areas and infrastructure comply with security control requirements.
• Collaborate on IT projects with relevant stakeholders within AfrAsia Bank to ensure that cybersecurity policy/cyber risk issues are addressed throughout the project life cycle.
• Perform cybersecurity assessments for critical suppliers that hold the bank’s data.
Cybersecurity Training and Awareness
• Ensure all staff are properly trained in and aware of basic cybersecurity threats, on a yearly basis or as and when required.
• Participate in the development of security, awareness and training guides.
Education:
Bachelor’s degree in Information Security, Computer Science, or a related field.
Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) preferred.
Proven experience in security risk management, preferably in the banking or financial services industry.
Strong understanding of regulatory requirements and frameworks such as GDPR, PCI-DSS, and ISO 27001.
Security Risk Management, Cybersecurity Governance, Compliance Audits, Risk Assessment, Incident Response, Vendor Risk Management, Regulatory Frameworks (GDPR, PCI-DSS, ISO 27001), Internal Audits, Cybersecurity Training and Awareness, Information Security Policies, CISSP, CISM, CRISC Certifications