Information Security Manager at CDL Human Resource

The Manager of Information Security is responsible for information technology (IT) risk management, which entails risk assessments, policy formulation, awareness and education, compliance reviews, and controls monitoring, all with regards to the Bank’s IT environment.

Key Responsibilities

Financial

• Assess and manage financial risks associated with information security breaches, including potential financial losses due to data breaches or cyberattacks.
• Identify and analyze risks through review of metrics and key risk indicators to determine the materiality in terms of financial loss, reputation, and regulatory risk, and the likelihood of such risks occurring.
• Ensure appropriate action plans and delivery dates are in place to address material risks or regulatory issues identified, and track these actions to completion.
• Develop and maintain IT risk management policies in line with industry best practices and regulatory requirements.

Customer

• Safeguard customer data and privacy by implementing and enforcing robust security measures, such as encryption, access controls, and data protection protocols.
• Educate customers about best practices for securing their accounts and personal information, including password management, phishing awareness, and safe browsing habits.
• Address customer inquiries and concerns related to information security, providing timely and accurate responses to maintain trust and confidence in the bank's services.

Internal Business Process

• Develop and enforce information security policies, procedures, and guidelines in alignment with regulatory requirements and industry standards.
• Conduct vulnerability assessments, penetration testing, and health checks on the Bank’s computer systems to identify system vulnerabilities that can be exploited by external and internal threats and ensure that these vulnerabilities are effectively remediated.
• Review technology-related contracts with third parties and any requests for policy/standard exceptions to ensure that risks are not introduced into the Bank’s environment.
• Provide technical risk-related support to projects, from inception through to successful implementation, to ensure that adequate security is in-built into computer systems being introduced into the Bank’s environment.
• Participate in and recommend improvements to policies, processes, and procedures to ensure all applicable regulatory requirements are fulfilled.
• Conduct quarterly awareness and education sessions to cultivate a security-aware culture within the Bank that promotes the responsible and secure use of information and computer systems.
• Ensure compliance with all banking laws and regulations, industry standards, and internal Bank policies related to IT risk management.
• Update and maintain a compliance matrix of all regulatory requirements, key policy requirements, and policy updates recommended by auditors.
• Provide guidance to all departments on topics related to IT risk management to achieve compliance with policies and standards, staying within the risk appetite of the Bank.
• Continuously update risk assessments and IT security monitoring given the latest threats, adjusting accordingly to reflect the latest trends.
• Coordinate with internal stakeholders, such as IT teams, compliance officers, and senior management, to ensure alignment of security initiatives with business objectives and regulatory requirements.

​Functional Responsibilities

• Monitor internal and external threats, and examine logs, events, and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a breach in security or degradation of integrity or confidentiality of the Bank’s information and computer systems.
• Implement appropriate reporting and escalation of all significant risks through periodic reports and priority notifications to ensure transparency of risks and appropriate measures in place to reduce risks to within the Bank’s risk appetite.
• Respond to escalations and queries; hold regular discussions with the IT Department; and employ other means available to ensure that appropriate measures are taken to minimize exposure to risk.
• Prepare and present regular reports and updates on the bank's information security status, including metrics, incidents, and remediation efforts, to senior management and stakeholders.

Requirements

Job Specification

Academic

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Professional Qualifications & Experience

• Proficiency in Microsoft Office Suite
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Desired Work Experience

• Minimum of 5 years of experience in in information security roles, preferably in the banking or financial services sector.
• Experience in developing and implementing information security policies, procedures, and standards.
• In-depth knowledge of banking operations, products, and