Chief Information Security IO at Jubilee Life Mortgage Bank

Job Duties

• Responsible for identifying, developing, implementing, and maintaining processes across the Bank to reduce information and Information Technology (IT) risks.
• To respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures.
• Responsible for information-related compliance (e.g., supervises the implementation to achieve ISO/IEC 27001 (ISMS) and ISO 22301 (BCMS) certification for the Bank.
• Computer emergency response/computer security incident response in conjunction with team members’
• Developing and managing a security program for the company, otherwise known as a cyber risk management framework
• Providing training to security and general staff on security protocols.
• Initiating regular network monitoring and network security audits.
• Staying up-to-date with the latest regulatory and cybersecurity developments that affect the business’s security framework
• Disaster recovery and business continuity management.
• Information regulatory compliance (e.g.,  PCI DSS,  Data Protection Regulation Act 2019, ISO 27001:ISMS & ISO 22301: BCMS),
• Engage in systems/applications testing to ensure they meet agreed systems requirements.
• Monitoring access to all systems and maintains access control profiles on computer network and systems.
• Track documentation of access authorisations to all resources and perform other identity and access management functions.
• Developing and/or maintaining appropriate segregation of duties within and across applications.
• Information risk management, including research and investigate measures that address data security risks and potential losses for reporting purposes.
• Ensuring adequate security of-channels are established.
• Carrying out monthly VAPT on internal and external infrastructure of the bank.
• Carrying out VAPT on new application or device deployed within and outside of the bank infrastructure before going live/production.
• Formulation and implementation of necessary security policies and procedures.
• Ensuring regular testing of cloud backups, secondary data centre and other backups.
• Maintaining Information Security and Business Continuity Management Systems of the Bank.
• Coordinating ISO 27001 and ISO 22301 re-certification and other certification audits relating to information system of the Bank.
• Responsible for information regulatory compliance and Information Technology Controls.
• Documenting any security breaches and assessing their damages.
• Educating colleagues on security software and best practices for information security.
• Designing and enforcement of policies and procedures that protect our organisation's computing infrastructure from all forms of security breaches.
• Monitoring the organisation's IT system to look for threats to security.
• Establishing protocols for identifying and neutralizing threats and maintaining updated anti-virus software to block threat.
• Identifying vulnerabilities in our current network.
• Developing and implementing a comprehensive plan to secure our computing network environment.
• Monitoring network usage to ensure compliance with security policies.
• Keeping up to date with developments in IT security standards and threats.
• Performing penetration tests to find any flaws.
• Collaborating with management and the IT department to improve security.
• Other duties assigned by the Head of department or Management.

Qualifications

• Minimum of HND/B.Sc in computer science or related field, minimum 8+ years of progressive experience in information Security and banking industry.
• Relevant professional certifications such as CISA, ISO, CISM or CISSP and Qualified Membership of a Professional Accounting Body, MBA or other IT Certifications and/or a second degree are added advantages.
• Experience in an information security role, Cybersecurity.
• Solid knowledge of various information security frameworks.
• Excellent problem-solving and analytical skills.
• Ability to educate a non-technical audience about various security measures.
• Strong Knowledge of regulatory bodies, and the regulations and guidance issued by these bodies, overseeing banks, credit unions, and financial services organisations, such as the FDIC, FinCEN, Federal Reserve Board, Office of Thrift Supervision, and NCUA.

Competency:

• Minimum of HND/B.Sc in computer science or related field, minimum 8+ years of progressive experience in information Security and banking industry.
• Relevant professional certifications such as CISA, ISO, CISM or CISSP and Qualified Membership of a Professional Accounting Body, MBA or other IT Certifications and/or a second degree are added advantages.
• Experience in an information security role, Cybersecurity.
• Solid knowledge of various information security frameworks.
• Excellent problem-solving and analytical skills.
• Ability to educate a non-technical audience about various security measures.
• Strong Knowledge of regulatory bodies, and the regulations and guidance issued by these bodies, overseeing banks, credit unions, and financial services organisations, such as the FDIC, FinCEN, Federal Reserve Board, Office of Thrift Supervision, and NCUA.

Skills:

• Effective verbal and written communication skills.
• Knowledge of a Mortgage Bank’s structure, operations, policies and procedures.
• Knowledge of a Mortgage Bank’s products and services.
• Knowledge of ethics and fraud related issues.
• Knowledge of corporate governance.
• Knowledge of tax operations/regulations.
• Knowledge of relevant financial reporting standards.
• Knowledge of a Mortgage Bank’s banking applications and channels.
• Working relationship with Law Enforcement Agencies and other banks.
• Knowledge of System Access Control.
• Knowledge of system architecture and security.
• Knowledge of controls that have been put in place in the Banks operating environment.
• Knowledge of the principle of Audit & control, Risk Base Audit and Risk Assessment process.
• Knowledge of the principle of dual control.
• Knowledge of Database Management Systems.
• Knowledge of Query languages (e.g. SQL)
• Candidate Abilities & Personality Profile
• Attention to Detail.
• Interpersonal Skills.
• Decision Quality & Problem Solving
• Developing Others
• Directing Others.