Standard IBTC Bank is a leading African banking group focused on emerging markets globally. It has been a mainstay of South Africa's financial system for 150 years, and now spans 16 countries across the African continent.
Effective risk management is fundamental to the business activities of the Standard Bank Group (group). While we remain committed to increasing shareholder value by developing and growing our business within our broad determined risk appetite, we are mindful of achieving this objective in line with the interests of all stakeholders.
Standard IBTC Bank is recruiting to fill the vacant position of:
Job Title: Manager, Information Risk
Job ID: 12656
Location: Lagos Nigeria
Position Description
Job purpose
The primary purpose of this job role is to establish and manage enterprise-wide Information Security risk management programme by instituting on-going risk assessment, strategic planning, implementation, communication, training and awareness activities in response to identified risk areas.
Key responsibilities
- Delivers information security risk assessments of projects, new technologies, external service providers, and IT changes. Guides staff and managers on the appropriate risk mitigation strategies.
- Effectively communicates requirements and trains staff and managers to identify and manage IT risks throughout the project lifecycle.
- Communicates and reports on risk metrics to the various governance committees.
- Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.
- Manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and Risk.
- Supports the Bank’s ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers. Keeps abreast of international information security codes of practice such as ISO 27001/27002, information security and privacy regulations and how these measures could affect information assets owned by, or administered on behalf of, the Stanbic IBTC.
- Assists with the development of the Bank’s enterprise security architecture and standards at the business, information, infrastructure, and application level. Provides subject matter expertise on enterprise security architecture and influences selection of tools and technologies to support the bank’s security architecture standards.
- As an advocate of information security, works closely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.
- Work closely with Change and Enablement: undertake risk analysis of all business process improvement initiative within the context of information security.
- Works closely with IT project teams to develop implementation plans for new security-related products and services.
- Coordinates the preparation and presentation of user technical support and training materials to ensure the efficient, effective and secure use of information and communications technology.
- Coordinates and supports the work of security governance.
- Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.
- Establish on-going Information Risk management programme
- Establish enterprise-wide Information Security risk management function
- Establish Information Security risk assessment process and communicate risks and impacts to Senior Management
- Prepare timely and appropriate response to inquiries from regulators and key stakeholders Implement:
- Coordinate risk assessment and action plan implementation with Senior Management, Information Technology, Internal Audit, Legal, Risk Management and other personnel
- Communicate risk management requirements and standards to all employees, through trainings and publications
- Monitor progress of investigations of security incidents and alerts
Internal relationships
- IT
- IT Security
- Records management
- Change and Enablement
- RoA OpRisk Team (PBB and CIB)
- Legal Services
External relationships
- Third party service providers
- Central Bank of Nigeria
- Risk Managers Association of Nigeria (RIMAN)
Required Skills and Qualifications
Qualifications
- B.Sc. degree in Information Security, Computer Science, Engineering, Mathematics, Business or related field of study
- MCSE / CISA / CISM or any risk related certification as well as information risk experience is essential
Experience
- Good risk management experience
- Good network experience
- Strong customer focus and ability to manage client expectations
- Strong team-orientated interpersonal skills
- Self-motivated and able to work with minimal supervision.
- Good communication skills.
- Ability to manage expectations
- Must be service orientated
Required Competencies
Technical competencies
- Strong analytical and problem solving skills
- Proven ability to work under pressure including emergency situations
- Logic and problem solving skills.
- Ability to perform IT Risk assessment
- Manage information security risk management framework
- Develop information risk management process
- Implement information risk management process
Personal competencies
- Competent and reliable staff that is dedicated with analytical capabilities
- Ability to manage project schedule
- Ability to manage project communications
- Understand and apply compliance standards
Application Closing Date
17th July, 2014
Method of Application
Interested and qualified candidates should
Click here to apply online