Description:
Essential Duties & Responsibilities
- Ensure risk identification, analysis and mitigation activities are integrated into the information security life cycle.
- Ensure the use of an integrated risk management approach to create executive level perspectives and status reports regarding all security risks that the bank may encounter; this includes risks in physical security, access and control issues, data security, data privacy and contingency planning.
- Reviews standards for changes in legislation and accreditation that affect information security from multiple sources including National Institute Standards and Technology (NIST), Pay Card Industries (PCI), ISO 27001, ISO 22301 and ISO 31000.
- Develop project plans, determine priorities for major initiatives, and insures proper implementation of programs and projects.
- Ensure the development and implementation of the Group’s information security policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives.
- Mitigate risks by creating project plans for specific implementations, identifying resources needed from the Information Technology department. Also, work with the SVP, Cyber Security Technologies and Services to coordinate and schedule actions.
- Monitor and report the Key Risk Indicators and compliance of the Group’s information security policies and procedures at the head office, DR site, domestic and international branches and subsidiaries.
- Monitor effectiveness of controls against potential threats including hackers, software flaws, viruses, spyware, phishing and self-adaptive computer threats.
- Monitor and check the processes for detecting, identifying and analyzing security-related events.
- Responsible for assessing the adequacy of security frameworks for existing and new systems.
- Initiate, facilitate and promote activities to foster information security awareness within the Group.
- Drive the establishment of a formal reporting process, which ensures that the Chief Information Security Officer (CISO) is continually informed of significant information security related issues on a timely basis together with the action being taken to resolve such issues.
- Use metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
- Develop and information security awareness training programs across the bank and assist in promoting activities to foster information security awareness within the Group.
- Research and propose information security products and services to protect and enhance the Group’s network infrastructure.