Manager, IT Services (Information Security & Risk) at African Export-Import Bank (Afreximbank)

Reference : SMF 33021

Job Description

• The objective of the function is to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies/standards and business objectives of Afreximbank.

Responsibilities
Risk Management:

• Maintain a risk management framework.
• Perform risk assessments on resources and projects to be protected.
• Perform vulnerability assessments to evaluate the effectiveness of existing controls.
• Report significant changes in risk to management on both a periodic and event-driven basis.
• Maintain and monitor a risk action plan.
• Update security standards and guidelines / procedures with results of risk assessments.

Information Security Governance:

• Ensure a framework for information security governance and IT control.
• Update and advise top management on security direction and issues.
• Review current and potential legal and regulatory issues affecting information security and assess their impact on Afreximbank
• Avail technical information about security systems and ongoing programs in the information security arena and especially as applied to financial organisations.
• Provide technical security expertise to IT staff to ensure that the requisite level of security is implemented in all information assets.

Information Security Policies:

• Leads the preparation and implementation of necessary information security policies, standards, procedures and guidelines
• Maintain and review information security policies that support business goals and objectives, and are consistent with applicable laws and regulations.
• Maintain standards, procedures and guidelines that support information security policies, and ensure business processes and IT infrastructure activities address information security risks.
• Maintain documentation of all information systems security and change management processes.

Information Security:

• Oversee and direct information security activities in line with the information security operations and programme / framework.
• Monitor and report on the effectiveness and efficiency of information security controls and the compliance with information security policies.
• Manage security plans and control techniques covering banking applications and supporting networks.
• Maintain access rules and exercise adequate control over the administration of user ID’s.
• Review and monitor change management procedures on all system changes, systems configuration changes and application of security patches to ensure that information security is not compromised.
• Perform system audit checks including pre-implementation and post-implementation of projects.
• Monitor and review operations logs and event console activity to identify potential security related events, and investigate all anomalies.
• Manage system compliance to identified achievement targets for end points (antivirus, patches, threats, etc).

Information Security Awareness:

• Lead and facilitate internal training and awareness of IT security policies, controls and best practices, as well as the impact of non-adherence in order to:
• Contribute to the implementation of IT governance;
• Promote accountability by business process owners and other stakeholders in managing information security risks.

Audit and Compliance:

• Ensure periodic IT audits / assessments to confirm that:
• The rules of use for information systems comply with the enterprise’s information security policies
• The administrative procedures for information systems comply with Afreximbank information security policies
• Change control management principles are adhered to
• Software inventory licensing is adhered to across all systems
• Services provided by other organisations, including outsourced providers, are consistent with established information security policies and
• Non-compliance issues and other variances are resolved in a timely manner.
• Conduct regular audits on IS facilities to ensure compliance to security policy, standards and guidelines / procedures.
• Work closely with the Risk department, as well as the Internal Auditor, and respond to all external and internal audit issues raised.

Incident and Response Management (IT Disaster Recovery):

• Lead activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
• Review response and recovery plans that include organising, training and equipping the teams.
• Periodically test the response and recovery plans, where appropriate.
• Ensure the execution of response and recovery plans, as required.
• Manage post-event reviews to identify causes and corrective actions.
• Any other duties as may be assigned by management.

Requirements
Qualifications and Skills:

• Bachelor’s degree in Computer Science, Information Technology or other relevant degree from a recognized University, a Master’s degree in a relevant field or a recognized professional qualification in lieu
• Minimum of 8 years’ experience as a Senior Business Analyst in a modern international ICT environment preferably an international bank
• Working knowledge of Project Management, Business Analysis, Requirement and functional specification
• Demonstrated expertise in all aspects of banking solution
• Demonstrated expertise in Solution architecture and system development life cycle
• Working knowledge of system testing
• Ability to map business processes and develop functional specification
• Implementation experience of ERP Software (Oracle, SAP, Peoplesoft) very desirable
• Knowledge of VB Scripting desirable
• Excellent verbal and written communication skills in English. Knowledge of the Bank’s other working languages is an added advantage (French, Arabic and Portuguese).

Contractual Information:

• Permanent
• Willing and able to relocate to Cairo
• Suitably qualified candidates from all African nationalities are encouraged to apply
• Tax-free salaries paid in USD