Information Security and Risk Assurance Officer

The Information Security Risk & Assurance Officer

INTERNAL ADVERTISEMENT

ENTERPRISE RISK MANAGEMENT & COMPLIANCE

Suitably qualified persons are invited to submit applications to fill the following position:

Information Security Risk & Assurance Officer

General Accountability

The Information Security Risk & Assurance Officer is a specialized, senior professional level role that supports the Manager, Information Security in providing assurance regarding the Corporation’s security posture.  The role is critical to the implementation & maintenance of a robust, enterprise-wide Information Security Program for the Corporation.

Key Responsibilities

Independently and proactively assess, monitor and report on the overall Information Security health and risk environment at the Corporation and recommend strategies for improvement.

•        Support implementation of an ongoing risk assessment program for Information Security.
•        Develop and maintain the processes to identify relevant threats, risks and vulnerabilities to the Corporation from an information security perspective
•        Conduct independent risk assessments and testing of systems, applications and processes to monitor adherence to information security policies and to identify control deficiencies
•        Recommend to ICT appropriate and effective controls and action plans to mitigate identified information security threats and risks
•        Collaborate with ICT to develop/recommend appropriate Key Risk Indicators (KRIs) 
•        Support the development/enhancement of a dashboard to report and monitor security risks
•      Assist with monitoring and reporting on emerging risks and the overall information security health & risk environment as well as the   status of the information security program for the Corporation.
•       Analysis of enterprise-wide information security risks, threats and vulnerabilities

Promotion of a culture of Security Awareness throughout the Corporation

•      Support the development and delivery of an education and training program on information security for various stakeholders within      the Corporation.
•      Facilitate and promote activities to create information security awareness throughout the Corporation

Support the implementation and maintenance of the information security education and training Software and other related technologies.

•       Maintenance and Administration of the software.
•        Works with relevant stakeholders to resolve issues related to software administration

Support the formulation and maintenance of information security standards, procedures and guidelines in line with the Enterprise Risk Management Framework

•   Supports the development, documentation and maintenance of the Corporation’s information security standards, procedures & guidelines
•  Document the process maps and procedures required for the Information Security Processes

Provide advisory services to the enterprise on information security matters.

•   Act as an advisor on the Corporation’s Information Security offerings, policies, procedures and standards.
•   Review business cases and project plans to identify security gaps and recommend enhancements
•   Participate in various projects and strategic initiatives to identify security requirements and considerations and advise on security risks    and threats.
•  Research and highlight emerging risks, threats and vulnerabilities that are relevant to the Corporation to the Manager, Information   Security.
•  Assist with information security consulting to the business and technology teams covering Infrastructure Security, Disaster Recover, Management of Data, Network Architecture and Design, User Access Management and Management of Third Parties

Support the Information Security Strategy execution

•   Assist with development and maintenance of an information asset register
•   Assist with maintenance of Information Security Risk Register
•   Support the implementation and roll out of Data Classification in the Corporation
•  Execution of other related information security strategic initiatives and projects as determined by Manager, Information Security

The selected candidate must possess the following combination of qualifications, skills, training and experience:

•        A First Degree in a relevant field from an accredited tertiary institution
•        Minimum of five (5) years’ experience in a similar position within the financial industry and
•        Three (3) years’ supervisory experience

OR

•       A Diploma in a relevant field from an accredited institution
•       Minimum of six (6) years’ experience in a similar position within the financial industry and
•       Four (4) years’ supervisory experience
•       Suitable combination of training and experience
•        High confidentiality and integrity
•        Passion for delivering excellent customer service
•        Good analytical skills to assess and interpret trends
•        Good oral and written communication skills
•        Strong interpersonal skills
•        Investigative and interviewing skills
•        Working knowledge of Microsoft Office tools
•        Very good mentoring and coaching skills.
•       Excellent organizational skills.
•        Excellent analytical skills
•       Proficiency in Excel and the entire Microsoft Office Suite
•        Ability to lead and work in teams