Chief Cybersecurity Analyst at the African Development Bank Group (AfDB)

African Development Bank Group (AfDB) - Established in 1964, the African Development Bank is the premier pan-African development institution, promoting economic growth and social progress across the continent. There are 80 member states, including 54 in Africa (Regional Member Countries). The Bank’s development agenda is delivering the financial and technical support for transformative projects that will significantly reduce poverty through inclusive and sustainable economic growth.

We are recruiting to fill the position below:

Job Title: Chief Cybersecurity Analyst

Position Number: 50000592
Location: Abidjan, Côte d'Ivoire
Position Grade: PL3

The Complex

• The Vice-Presidency, Technology and Corporate Services (TCVP) is responsible for the design, development, and delivery of efficient, people-centered, client-oriented, corporate services and information technology solutions to ensure overall institutional effectiveness in all aspects of the Bank’s corporate services.
• The Complex provides leadership in the formulation and implementation of the Bank’s strategies, policies, controls, and approaches on organizational information technology systems, software applications, cyber security, IT support, and infrastructure systems.
• The Complex is also responsible for the management of the Bank’s real estate assets, institutional procurement, language services, and business continuity.

The Hiring Department / Division

• Cybersecurity is a new Unit within the Bank, established to provide expertise and assistance to ensure the Bank’s infrastructure and information assets are appropriately protected.
• The Cybersecurity Unit is responsible for safeguarding of all bank’s Information Communication Technology (ICT) assets across all platforms, locations, and stakeholders.
• The Cybersecurity Unit is part of the Bank’s ICT lifecycle management that provides secure ICT solutions to the Bank. The Unit leads and provides cyber security technology solutions at the Bank, such activities include but are not limited to Cybersecurity Security Operation Center (C-SOC), Cyber Incident Response, Threat Intelligence, Zero-day Attack and Defense, Cloud Security, Mobile Security, Data Security, and Application Security.
• The Cybersecurity Unit also focuses on developing and driving information risk strategies, and policies/standards, ensuring the effectiveness of solutions, and ensuring appropriate risk policies and procedures such as user log-on and authentication rules, security breach, escalation procedures, and security assessment procedures.
• The Unit also enforces information security policies and procedures, monitors data security profiles on all platforms, and investigates risk scenarios.

The Position

• The Chief Cybersecurity Analyst will be supporting the Head of Cybersecurity to protect the Bank’s IT resources and information assets by (i) Ensuring strategic alignment of information security in support of business objectives; (ii) Ensuring availability, confidentiality, integrity, audit ability of the Bank’s information systems; (iii) Ensuring the continued availability of the Bank’s information systems; (iv) Ensuring reduction of adverse impacts on the Bank’s business operations to an acceptable level; (v) ensuring conformity of applicable laws, regulations, and standards; (vi) preventing nonrepudiation at computer-based activities.

Key Functions
Under the supervision of the Head of Unit, the Chief Cybersecurity Analyst will carry out the following functions:

• Information Security Governance: Assist to establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. 

Includes assisting with the following:

• Defining and elaborating the information security strategy in support of the Bank’s business strategy and direction.
• Liaising with HR Operations, Recruitment, and Client Services to ensure that each job description includes information security governance activities.
• Identifying current and potential legal and regulatory issues affecting information security and assessing their impact on the Bank.
• Establishing and maintaining information security policies that support business goals and objectives.

Risk Management: Identify and manage information security risks to achieve business objectives. Include assisting with the following:

• Developing systematic, analytical, and continuous risk management processes.
• Ensuring that risk identification, analysis, and mitigation activities are integrated into projects and process life cycles.
• Identifying and analyzing risks through suitable and recommended methods.
• Information Security Program Management: Assist to design, elaborate and manage information security programs to implement the information security governance framework.
•  Leading in establishing and maintaining plans to implement the information security governance framework.
•  Helping in defining the annual information security budget and obtaining Information Security Steering Committee approval.
•  Assisting in managing the information security budget in implementing the information security program.

Information Security Management: Oversee and supervise information security activities to execute the information security program.

• Leading the Bank’s IT security team: plan, organize, assign, supervise, and monitor the work of team members
• Ensuring that the rules of use for information systems and the administrative procedures for information systems comply with the Bank’s information security policies.
• Ensuring that services provided by other enterprises, including outsourced providers are consistent with established information security policies.

Response Management: Assist to establish and manage the capability to respond to and recover from disruptive and destructive information systems events:

• Designing, elaborating, and implementing processes for detecting, identifying, and analyzing security-related events.
• Developing response and recovery plans including organizing, training, and equipping teams.
• Ensuring periodic testing of the response and recovery plans where appropriate.

Competencies (Skills, Experience, and Knowledge)

• Minimum of a Master’s Degree in Information Security, Computer Science, Information Technology, or related discipline.
• Preferably seven (7) years of relevant post-qualification experience, with at least three (3) years of demonstrated IT infrastructure implementation and management.
• Mixed managerial, analytical, and technical skills and knowledge in all aspects of computer security in multi-IT areas: database, development, network, operating systems, IT security, specific applications security, etc.
• Good understanding and writing skills of computer systems security strategies, policies, principles, procedures, and standards.
• Good technical knowledge and experience across multiple platforms and technologies: Windows, Unix, Linux, networking, applications concepts, databases; wide area networks; computer operations, Intranet/Internet, LAN/WAN Connectivity with good knowledge of firewalls, switches, and routers (especially Cisco products).
• Good technical knowledge and experience in defining access and authorization controls within the Bank’s critical applications: SAP. SWIFT, SUMMIT, etc.
• Good technical knowledge and experience in Business Continuity Planning areas.
• Good knowledge of structured systems analysis techniques and practices as well as strong analytical and problem-solving skills
• Good Knowledge of risk assessment processes
• Good understanding of 1SO27001-2, and current legal and regulatory requirements relating to information security and privacy
• Up-to-date knowledge of information security, and industry certifications covering information security are added advantages.
• Demonstrable experience with networks and systems involved in keeping an organization secure.
• Strong management and leadership skills and the ability to influence senior management are essential.
• Competence in the use of standard Microsoft Office applications (Word, Excel, Access, and PowerPoint).
• Excellent written and verbal communication in English or French with a working knowledge of the other language.

Application Closing Date
4th June, 2023.