Technology Risk Management Specialist
The CISRO Function
The Group Chief Information Security Risk Officer (CISRO) function is instrumental in protecting and ensuring the resilience of Equity Group’s data and IT systems by managing information, cybersecurity, and IT risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the Risk Framework and for instilling a culture of cyber security within the Bank.
The Group CISRO is responsible for ICS governance, strategy, policy, risk assessments, industry partnerships, and regulatory engagement. The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
The Role
The IT Risk Specialist role is a 2nd line of defense role which encompasses the creation, improvement and execution of Information and Technology risk management across the Group, including partnership with 1st line front-line business and risk units, in alignment with the Enterprise Risk Framework. The role provides Risk Management leadership across the Group’s Information and Technology risks. The candidate is expected to possess a deep understanding of information technology and should understand concepts including computer networking, web and native application functionality, operating system functionality, cloud services, corporate network environments and operations.
Responsibilities
Support the review and update of the technology risk management framework on an annual basis, in line with changes in the environment.
Review technology policies, processes and procedures to identify potential opportunities for improvement and alignment.
Work across the technology department to analyze and better understand their risk profile.
Review IT initiatives from a technology risk perspective and provide advice and recommendations.
Supervise the IT disaster recovery measures deployed across the group.
Define a risk and control methodology and framework to use in conducting risk assessments.
Proactively manage risks so that there are no major incidents, breaches, or examples of non-compliance.
Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls activities.
Support the definition of the technology risk appetite statements.
Monitor Key Risk Indicators (KRIs) and report on deviation from defined technology risk appetite.
Assist in the roll-out of risk control self-assessments across the 1st line of Defense.
Assist with the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management.
Increase awareness and enhance risk culture across the organization and provide day-to-day risk and control advice as a trusted 2nd line subject matter expert.
Qualifications
Ideal Candidate
Bachelor’s degree in Computer Science, Information and Cyber Security, Technology or equivalent.
5 years of relevant experience in information security or risk management, audit, information assurance, preferably in the Banking and Financial sector.
Must have CISA (Certified Information Systems Auditor) certification.
CISSP (Certified Information Systems Security Professional): added advantage.
Must have CCSP (Certified Cloud Security Professional) certification.
Other ISACA related Certification (e.g., CISM, CRISC or CGEIT): added advantage.
Consistently able to demonstrate or articulate value proposition.
Candidates must have hands-on experience in performing risk assessments in diverse technology environments.
Good understanding of technology infrastructure, networks, and database management systems.
Good understanding of cloud computing technologies and the Microsoft Azure environment.
Expertise in Linux machines; Kali and Parrot recommended.
Familiar with various operating systems and databases.
Ability to both assess priorities and to focus on work in a structured fashion which delivers results.
Sound judgement and anticipation.
Strong integrity, independence, and resilience.
Deliver with minimal supervision.
Avid researcher of best practices and happenings in the global cyber space.
Engage key stakeholders on actions required.
Team player and contributor.
Strong problem-solving and persuasive skills and an ability to grasp abstract concepts and complex technology situations to challenge the status quo and further develop and build on our IT Risk Management Framework.
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with technology and business leaders and risk colleagues regarding anticipated and emerging issues.
How To Apply
Deadline closes: 23rd October 2023