Job Vacancy For Chief Information Security Officer

JOB TITLE:   CHIEF INFORMATION SECURITY OFFICER

DEPARTMENT:  Risk

GRADE LEVEL:   Head

REPORTS TO:  Director – Cyber and Information Security (DCIS)                                         

JOB PURPOSE:  

To advise the Board and Management on Cyber Security matters that border on the operations of the institution, ensuring that the institution is insulated from any potential development in the cyber security space that may have harmful impact on it’s operations and sustainability and to proactively guide the institution to be complaint to regulatory protocols on cyber security matters.

KEY RESPONSIBILITIES:

• Advise the Senior Management and Board on Cyber and Information Security Management.
• Formulate an institutional methodology for managing cyber and information security risks.
• Develop the institution’s Cyber and Information Security policy and submit it to the Senior Management and Board for approval.
• Develop and update specific and general work procedures for realizing the institution’s cyber and information security policy.
• Maintain an ongoing process of cyber and information security risk assessment with the relevant institutional units, in order to analyse and assess: a) the risk levels integral to the institution’s technological and business activities;  b) The controls required to ensure systems integrity. c) The level of residual risk and exposure to cyber and information security threats the institution is willing to accept in implementing these activities.
• Integrate and coordinate all institutional cyber and information security efforts, including oversight and control of all institutional units participating in these efforts.
• Create a framework for receiving ongoing and ad-hoc reports from various institutional units.
• Initiate and conduct cyber and information security readiness exercises as follows: a) at least quarterly, an exercise shall be staged to assess the ability of one or more institutional entities to deal with a cyber-attack; and b) once a year, an exercise shall be undertaken to assess the preparedness of the entire institution to withstand cyber-attacks.
• Coordinate cyber and information security activities, including joint exercises with business partners and service providers.
• Promote cyber and information security awareness and train employees, suppliers, business partners and customers.
• Continuously learn and monitor cyber and information security issues by identifying trends, methods and advanced developments in the field while gathering information about emerging attack techniques and ways of dealing with them.
• Form a Cyber-Incident Response Team.  Analyse cyber and information security incidents that have occurred in Ghana and worldwide, and assess their potential impact on the institution, as well as implement the relevant measures proposed.
• Develop metrics and indicators to assess the effectiveness of cyber and information security systems and procedures.
• Assess regular and ad-hoc institutional cyber and information security controls.
• Draw up annual and multiannual work plans, including budgeting, prioritisation and timetables for implementing the assessment processes.
• Prepare and submit annual reports to the Senior Management and Board, detailing the institutional cyber and information security defence level, weaknesses and vulnerabilities, available countermeasures, and the activities and budgets required to enhance its defences.
• Be responsible for collaborating with relevant institutions involved in cyber and information security issues.
• Ensure preparation of reports on major cyber and information security incidents to the Bank of Ghana.

MINIMUM QUALIFICATION AND EXPERIENCE

• A good first Degree in a computer related field and 5years working experience and advanced training in IT and MIS
• Not less than 5 Years practical experience in a Cyber Security role
•  An advanced degree in a related field would be an added advantage
• Certification in Cyber Security will be an added advantage

IT and MIS Experience and Training

• At least 5 years working experience and advanced training in IT and MIS from banking or business environment or equivalent combination of education and experience

Wide knowledge of and advanced skills in computer terminal and personal computer operation, mainframe computer system, software programs of diverse functionality used by the NGO, Opportunity Network and donors including but not limited to, communications systems, desktop applications, and network administrative programs and resources.

OTHER QUALITIES AND REQUIREMENTS

• Ability to set and deliver functional and business IT and MIS goals and objective
• Ability to meet reporting expectation of the CEO, DCIS and Executive Management Teams
• Excellent organization, delegation and time management skills
• Ability to handle difficult situations and people in a more diplomatic way
• Ability to supervise, train and foster the development of the IT and MIS staff, providing feedback support and encouragement

KEY RELATIONSHIPS

Internal Relationships

• Chief Executive Officer
• Director of Cyber and Information Security
• Chief Risk Officer
• Chief Operations Officer
• IT Department
• AML Reporting Officer
• Branch Managers

External Relationships

• Bank of Ghana
• National Cyber Security Centre