Business Unit : Technology Services
Geographical Area : Zimbabwe
Department : Technology Services
Vacancy Manager : Technology Security and Governance Manager
Purpose of the job
To identify, measure, track and monitor technology risks and controls and recommend appropriate mitigants.
Main Focus Areas
- Develop and maintain expertise in IT operations, IT risk management, IT internal audit, as well as supervisory expectations and industry practices in those areas.
- Assist in the development of Bank’s risk assessments and supervisory strategies, and the vetting of findings.
- Develop comprehensive, creative and agile approaches to evaluating risks and operational resiliency. Devise methods to more efficiently incorporate market-based surveillance products, and technology into the ongoing supervisory process.
- Prepare informative, well-supported reports, effectively communicating complex and problematic supervisory findings, including required actions to Technology Security and Governance Manager.
- Evaluate developments impacting Bank’s risk profile through analysis of internal risk management reports and interactions with institution management. Support an overall assessment of the Bank’s level of operational risk and risk management practices across the enterprise IT environment.
- Analyze information security and risk management programs to determine an estimated risk and potential impact.
- Identify emerging institutional, regional, economic, and industry issues and their potential impact. Maintain an awareness of potential changes to key rules, laws and regulations, and supervisory policies.
- Balance multiple concurrent assessment projects and driving execution of those programs to mitigate risk and promote improvement of the risk and control environment.
- Identify controls requiring improvements and working collaboratively with other departments to implement enhancements.
- Assist management with development and documentation of achievable and sustainable action plans to remediate identified control weaknesses.
- Provide risk and control management consulting services and subject matter expertise.
- Assist with development, refinement, and execution of various IT processes.
- Recognize opportunities for automation and self-testing to improve efficiency.
- Contributing to System efforts to develop effective IT supervisory policy and guidance, supervisory activities, and IT analysis and thought leadership.
Qualifications and Work Experience
- Bachelor Degree in Computer Science or Information Systems
- Technology Risk certification, Security certifications such as CISM/CISSP/ISO32000 certification.
- 3 years’ experience in Information Security and Risk Management.
- Experience in information security, specifically with penetration testing, intrusion detection, incident response or digital forensics.
- Experience coordinating complex response activities with IT services department.
Skills and Competencies:
- Strong IT skills and knowledge including hardware, software and networks.
- Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems.
- A forensic approach to challenges, persistence, curiosity, and ability to meet deadlines.
- A deep understanding of how hackers work and ability to keep up with the fast pace of change in the criminal cyber-underworld.
- Ability to seek out vulnerabilities in IT infrastructures.
- Strong ability to work autonomously within a distributed team setting in a dynamic work
environment that often requires management/completion of multiple concurrent tasks within close deadlines and high demands, with a high degree of accuracy and detail.
- Flexibility to quickly switch tasks, takes on special projects, accurately assess status, and devise a reasonable strategy for completion.
- Working knowledge of continuous controls monitoring and relevant tools
Job Related Knowledge
- Intrusion detection.
- Malware analysis and reversing.
- Risk analysis and mitigation.
- Cloud security.
- Security analysis.
- Knowledge of the general tools and techniques of compliance, risk and assessment.
- Ability to clearly document test objectives and design efficient tests of controls.
- Knowledge of major IT internal controls and security frameworks and key risks in those areas.
- Ability to independently analyze and determine if a suite of controls will adequately reduce inherent risks to acceptable levels.
Interested applicants who meet the job requirements should e-mail their CVs to Careerszim@bancabc.com with the Heading: “Technology Risk and Control Specialist”.
APPOINTMENTS WILL BE MADE IN COMPLIANCE WITH BancABC’s RECRUITMENT POLICY.
Closing Date: 08 June 2020 @ 1630hrs