Chief Information & Security Officer (CISO) at Antal International

Job Purpose

• Serves as the Bank’s process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies.
• A key element of the CISO's role is working with the CEO and Executive Management to determine acceptable levels of risk for the Bank in alignment with the overall risk appetite of the Bank.

Responsibilities:

• Implement and monitor the strategic, comprehensive information security and Cybersecurity management program
• Work directly with the Group office & other business units to facilitate risk assessment and risk management processes
• Effectively update approved policies for approval and ensure this is communicated to relevant stakeholders
• Write comprehensive reports including assessment-based findings, outcomes, and communications for further system security review.
• Provide leadership to the Banks' information and cyber security team
• Partner with business stakeholders across the Bank to raise awareness of information and cybersecurity concerns.
• Monitor and troubleshoot security solution/infrastructure as it concerns the Bank.
• Work with available intelligence to identify threats to the environment and propose/implement controls to minimize risk of future events where appropriate or advised.
• Provide regular updates to the CEO and Executive Management team on status of the subsidiary’s risk posture and security program
• Collaborate with Technology team to ensure that the Bank’s infrastructure stays protected from cyber threats and breaches

Key Performance Indicators (KPIs)

• Ensure all critical servers and applications are piped to the central SIEM
• Train staff to ensure the various levels of competencies required for a better security environment is achieved
• Carry out daily checks to ensure prized assets are not compromised. Regularly review checks to ensure they are in line with emerging threats
• Ensure Zero loss due to cyberattack to subsidiary operational availability.
• Implement expedited remediation of vulnerabilities (internal & external) in line with established timelines
• Ensure security is embedded in all technology related projects as it concerns your subsidiary
• Maintain the ISO Management System certification for the Bank

Skills / Competence Requirements

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST, PCIDSS.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing and services
• Hands on experience with incident and vulnerability management

Generic Skills

• Creative, and taking initiative
• Strong relationship management and communication skills with the ability to work collaboratively with colleagues across a number of departments and services as well as external stakeholders.
• Strong problem-solving, analytical skills and ability to work under pressure.

Professional Requirements

Qualification

• Minimum of a Master’s Degree in MSc in Information Security, Computer Science, Information Technology or related field

Professional Membership

• Industry recognised professional certifications such as MCTS, MCP, ITIL, CISA, COBIT, CISM, CRISC, CISSP, CFE, CCSP, CCSE, EC-Council

Minimum Experience

• Minimum 10+ years of experience performing security risk assessments, and security consulting and 3+ years of experience leading teams of information security professionals