Assistant Manager - Information Security, Governance and Risk Management at African Export-Import Bank (Afreximbank)

Reference No: LJBLR-ISGRM-0014

Nature & Scope

• The objective of the function is to play a critical role in supporting the development, implementation, and maintenance of information security policies, procedures, and practices to protect Bank’s sensitive information and assets.
• He will collaborate with various teams to assess risks, identify vulnerabilities, and implement effective security measures to mitigate threats.

Functions
Specifically, the function aims to:

• Assist the Bank in Information security governance and risk management activities.
• Assist the bank in attaining information security objectives through development of policies, guidelines & procedures.
• Ensure security policies and procedures are being implemented and maintained.
• Assist in regular internal and external audits exercise.
• Support the day-to-day operations of IT Security and Risk Management.

Duties and Responsibilities
The core tasks, duties, and responsibilities are listed below:

• Policy and Procedure Development: Collaborate with senior management and stakeholders to develop and update information security policies, procedures, and guidelines in accordance with industry standards and regulatory requirements.
• Risk Assessment and Management: Conduct risk assessments to identify potential threats and vulnerabilities to the Bank’s information systems and assets. Develop risk mitigation strategies and ensure their implementation across the organization.
• Security Awareness Training: Develop and deliver security awareness training programs to educate employees about information security best practices, policies, and procedures. Foster a culture of security awareness and compliance throughout the Bank.
• Incident Response and Management: Assist in developing and maintaining an incident response plan. Respond to security incidents promptly, investigate root causes, and implement corrective actions to prevent recurrence.
• Security Monitoring and Analysis: Monitor security systems and tools for suspicious activity, analyze security logs and reports, and investigate anomalies. Take proactive measures to detect and prevent security breaches.
• Compliance and Audit Support: Assist in ensuring compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001). Support internal and external audits and regulatory inspections.
• Third Party and Vendor Risk Management: Assess the security posture of third party vendors and service providers. Review contracts and agreements to ensure compliance with security requirements and standards.
• Security Incident Reporting: Prepare and present regular reports on information security incidents, trends, and metrics to senior management and stakeholders.
• Provide recommendations for improving the organization’s security posture.
• Perform continuous security assessment of the bank’s information systems security architecture.
• Perform continuous risk and control security assessment.
• Conduct regular logical access review and assessment.
• Stay abreast of emerging cloud technologies and proactively assess and evaluate the adoption thereof.
• Responsible for the thorough documentations of implementations, via technical documentation and runbooks
• Stay abreast of emerging security threats, vulnerabilities and controls and proactively provide recommendations and remediations.

Qualifications and Experience

• Bachelor's Degree in Computer Science / Information Technology / Computer Engineering / Engineering / Management Information Systems or Computer Engineering or other relevant degree from a recognized University, a
• Master’s degree in a relevant field or a recognized professional qualification in lieu;
• Relevant security certifications such as ISC2 CISSP, CISA, CISM, SANS, OSCP, CEH, equivalent security-related industry certifications
• Minimum of 5 years of proven experience in information security, risk management, or related roles.

Skills, Knowledge, and Attitude:

• Strong understanding of information security principles, standards, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework).
• Experience conducting risk assessments, vulnerability assessments, and penetration testing.
• Excellent analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
• Experience with Linux, Windows operating systems and cloud provider ecosystems such as Amazon AWS and AZURE is a must.
• Practical knowledge of AWS foundation services related to compute, network, storage, content delivery, administration, security, deployment, and automation technologies.
• Experience in architecting, designing, and programming applications and ample experience in high level programming languages such as C++, C#, Java, Python, Visual Basic
• Good understanding of security assessment framework such as CIS benchmark and NIST
• Experience with security tools and technologies (e.g., SIEM, IDS/IPS, DLP, endpoint protection).
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate security concepts to non-technical stakeholders.
• Ability to work independently and prioritize tasks in a fast-paced environment.
• Excellent verbal and written communication skills in English.
• Willingness to travel and to work long hours where required to achieve the Bank’s objectives.