MISSION
The Regional Bank’s Information Security Officer will be responsible for coordinating, with each bank’s CISO, the protection of the Bank’s IT resources and information assets by :
(i) Ensuring strategic alignment of information security in support of business objectives ;
(ii) Ensuring availability, confidentiality, and integrity of the Bank’s information systems ;
(iii) Ensuring that adverse risks to the Bank’s business operations are treated to an acceptable level ; and
(iv) Ensuring conformity with applicable laws, regulations and standards.
DUTIES AND RESPONSIBILITIES
Risk Management coordination for each bank :
• Identify and manage information security risks to achieve business objectives :
• Performing IT security risk assessments and reporting on ways to minimize threats ;
• Ensure that risk identification, analysis and mitigation activities are integrated in projects
and processes life cycle ;
• Monitoring security vulnerabilities and hacking threats in network and host systems ;
• Identify and analyze risks through suitable and recommended methods ;
• Develop systematic, analytical and continuous risk management process.
Information Security Governance coordination for each bank :
• Establish and maintain a framework to provide assurance that information security
strategies are aligned with business objectives and consistent with applicable laws and
regulations ;
• Establish and maintain information security policies that support business goals and
objectives ;
• Identify current and potential legal and regulatory recommendations affecting
information security and assess their impact on the Bank.
Information Security Program Management coordination for each bank :
• Design, elaborate and manage information security Programme to implement the
information security governance framework ;
• Establish and maintain plans to implement the information security governance
framework ;
• Define annual information security budget and obtain approval from the Top
Management ;
• Manage the information security budget in implementing the information security
projects.
Information Security Management coordination for each bank :
• Oversee and direct information security activities to execute the information security
Programme ;
• Plan, organize, assign, supervise and monitor the work of IT Security Officers at the
subsidiary level ;
• Ensure that services provided by other enterprises, including outsourced providers, are
consistent with established information security policies.
Response Management coordination for each bank :
• Establish and manage capability to respond to and recover from disruptive and
destructive information systems events ;
• Design, elaborate and implement processes for detecting, identifying and analyzing
security related Events ;
• Develop response and recovery plans including organizing, training, and equipping
teams ;
• Ensure periodic testing of the response and recovery plans where appropriate.
Project Management coordination for each bank :
• Identify new projects to improve the bank’s information security ;
• Coordinate deployment of Group information security projects in the bank.
PROFILE
• Degree in Electrical Engineering / Computer Science / Information Technology or another
relevant Technical Degree ;
• Minimum 5 years’ working experience in a busy Information Security or Information
Technology function, within a banking environment or related field ;
• Formal Training and Certification in Information Security and Privacy such as
CISSP/CISM/CISA/CEH/ISO2700x are preferred ;
• Knowledge and good understanding of Information Systems Security and Control
Objectives ;
• Good understanding of, and skill in writing, computer systems security strategies, policies,
principles, procedures, and standards ;
• Good technical knowledge and experience in defining access and authorization controls
within the Bank’s critical Business applications ;
• Good knowledge and understanding of relevant banking policies, processes, procedures
and guidelines to consistently achieve required compliance standards or benchmarks ;
• Excellent written and verbal communications in English or French with a working
knowledge of the two languages.