Enterprise Security Manager (PAPSS) at African Export-Import Bank (Afreximbank)

Reference Number: SHRBLR002
Location: Cairo, Egypt

Pan African Payment and Settlement System (PAPSS)

• The Pan African Payment and Settlement System (PAPSS) is the first centralized payment market infrastructure for processing, clearing and settling of intra-African trade and commerce payments. PAPSS is an arm of the African Export- Import Bank (Afreximbank), which is a pan-African multilateral financial institution, established in 1993 for the purpose of financing and promoting intra and extra African trade. Afreximbank operates and manages PAPSS.
• PAPSS is now ready to start operations and is looking for experienced individuals, who are innovative, entrepreneurial and imbued with the passion and commitment to transform Africa through trade.

Responsibilities
Information Security and Risk Management:

• Responsible for managing the development, documentation, and implementation of PAPSS information security management policies, standards, procedures, and guidelines.
• Responsible for the development and management of cybersecurity resilience program/ framework.
• Develop and maintain framework for information security governance and IT control.
• Act as the organization’s information security strategist and provide advisory on security direction and issues to the Head of PAPSS and management.
• Review current and potential legal and regulatory issues affecting information security and assess their impact on PAPSS,
• Responsible for assessment of CPMI-IOSCO’s Principles of Financial Market Infrastructure (PFMI) Annex F and its impacts on PAPSS provision.
• Provide technical security expertise in the organization including to IT staff to ensure that the requisite level of security is implemented in all information assets.
• Responsible for managing and maintaining enterprise risk management framework.
• Manage risk assessments on resources and projects to be protected.
• Update security standards and guidelines / procedures with results of risk assessments.

Communications and Network Security:

• Manage and maintain security for the organization networks both LAN and WAN including but not limited to production, development, sandbox, and participants.
• Responsible for design, development, implementation and management of communications and network security of PAPSS infrastructure.
• Manage the security assessment and monitoring of network implementations including but not limited to routing, switching, firewalls, VPC, VPN, VLANs, WiFi, TCP/IP, etc
• Responsible for the security and resilience of PAPSS Virtual private network (VPN) e.g. site to site, DMVPN, etc with multiple central banks, financial institutions and Fintechs as well as multiple vendors.
• Manage and ensure secure communication channels for the PAPSS critical cross-border infrastructure as well as the organization.
• Basic knowledge of networks, setting up and maintaining servers and security-access/profiles.

Security Architecture and Assessment:

• Responsible for the secure design principles of the PAPSS including but not limited to design, monitor and redesign of fundamental concepts of security models to assess and mitigate vulnerabilities in system as well as to be ahead of continuous and evolving threats and cyber threats.
• Responsible for designing and overseeing the development and support of security capabilities of the PAPSS and other information systems, as well as designing and implementing physical security.
• Manage the design and support of cloud security.
• Design the network security architecture which underpins the interconnectivity of various participants across Africa and beyond to interoperate in PAPSS ecosystem.
• Responsible for design, performance and analysis of security testing.
• Manage the design, development and validation of security assessment and test strategies.
• Develop framework for security control testing and collection of security process data.
• Manage and conduct periodic internal and third-party IT security and risk audits to ensure compliance to security policies, standards and guidelines / procedures; and work closely with internal and external stakeholders to respond and resolve all external and internal security and risk issues raised.

Security Operations and Incidence Management:

• Oversee and direct information security activities in line with the information security operations and programme / framework.
• Provide leadership, guidance, and education/awareness regarding security initiatives to embed security management processes throughout the organization.
• Lead operational implementation, support and monitoring of organizational security policies to support internal controls and PAPSS critical infrastructure including identity and access management, intrusion detection, vulnerability scan and monitoring, patch management, anti-virus, security awareness, cloud security monitoring, contingency planning and testing etc.)
• Provide guidance regarding cyber threat intelligence to support security assessments.
• Work with IT and business risk owners, develop requirements, strategies, and robust framework to enhance the overall cyber security program.
• Perform advanced cyber intrusion detection/analysis and forensic review, recommending areas requiring further investigation and remediation.
• Oversee and conduct security and risk analysis including IT vulnerability and risk assessments, penetration testing, risk control evaluation, security requirements identification, and verification.
• Work closely with the IT team and management to assist in the resolution of cyber security events and incidents and recovery.
• Prepare reports and briefing notes for Head of PAPSS and senior management on developments in Cyber management, including assessment of the relevance and implications for PAPSS.
• Review and monitor change management procedures on all system changes, systems configuration changes and application of security patches to ensure that information security is not compromised.
• Prepare occasional reports and short notes to be published on the website to enhance trusted relationships with Central Banks, Financial Institutions, Financial Market Infrastructures, regulators, and other relevant organizations.
• Manage and lead all activities relating to cybersecurity resilience planning, contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties.
• Monitor and review operations logs and event console activity to identify potential security related events and investigate all anomalies.
• Manage system compliance to identified achievement targets for end points (antivirus, patches, threats, etc).
• Manage and review response and recovery plans; and periodically test the response and recovery plans, where appropriate.
• Maintain documentation of all information systems security and change management processes.
• Software and Application Development Security:
• Responsible for ensuring secure software and application development.
• Ensure use of security best practices in software development life-cycle for all developments in the organization.
• Ensure implementation of best practices security mechanisms and controls in all applications developed for (or by) the organization whether cloud or in-premise based.
• Ensure enforcement of best practices security mechanism and controls in development environments as well as in Production environment.
• Ensure implementation of best practices security mechanism and controls in all application/ software acquired by the organization whether cloud or in-premise based.
• Manage all processes for testing effectiveness of software security.
• Ensure use and implementation of secure coding guidelines and standards for all developments.
• Maintain documentation of all software and application development security model changes and change management processes.

Requirements
Qualifications and Skills:

• Graduate degree and professional qualifications are required.
• Relevant Bachelor's and Master's degree in Computer Science, Management, Engineering or related fields.
• 12+ years of Information Security Management experience required.
• Proven information security and risk management leader and expert in the architecture planning, design, development, delivery, monitoring and support of enterprise-class security for critical infrastructures and systems, both on cloud and on-premise.
• Experience in Real-Time Payment or Instant Payment networks is a big advantage.
• Information security management or related qualifications such as CISSP, CISM, CISA, CCSP, CSA, CCSK, CRISC, GIAC certifications, ISO 27001 are required.
• Hands-on team leadership and management experience. This is a hands-on role.
• Sound knowledge and understanding of information processing environments, network infrastructure, data communications, cloud infrastructure, and operating system administration, and information security principles.
• Experience with AWS cloud infrastructure is an advantage.
• Knowledge of standards, guidelines, and regulatory requirements to manage enterprise risk and to improve internal controls.
• Must be highly aware of emerging trends in IT security.
• Strong knowledge on different infrastructure architectures and security architecture underpinning them.
• Experience of internal business applications security mechanisms including access management is very desirable.
• Ability to communicate and function in a culturally diverse and change oriented setting;
• Excellent written and oral communication skills, exceptional interpersonal skills and the proven ability to influence and
• Communicate effectively across functional lines.
• Strong analytical, planning and project management experience with strong problem-solving capabilities with proven ability to lead projects end-to-end to meet commitments or compliance.
• Excellent verbal and written communication in English. Knowledge of any of French, Portuguese and Arabic is an advantage.

Benefits and Contractual information

• Permanent
• USD tax exempt salary
• Willing and able to relocate to Cairo, Egypt
• Suitably qualified candidates from all African nationalities are encouraged to apply