Senior Manager - Information Security & Risk job at Development Bank of Rwanda (BRD)
356 Days Ago
Linkedid Twitter Share on facebook

Vacancy title:
Senior Manager - Information Security & Risk

[ Type: FULL TIME , Industry: Banking , Category: Management ]

Jobs at:

Development Bank of Rwanda (BRD)

Deadline of this Job:
Friday, December 15 2023 

Duty Station:
Within Rwanda , Kigali, East Africa

Summary
Date Posted: Friday, December 01 2023, Base Salary: Not Disclosed

Similar Jobs in Rwanda
Learn more about Development Bank of Rwanda (BRD)
Development Bank of Rwanda (BRD) jobs in Rwanda

JOB DETAILS:
Purpose of the Job
• The purpose of the job is to be responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. The position is also responsible of advising and establishing the information security strategy and overseeing information security operations in the bank.
• This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the bank. The position is also responsible for reporting and investigating information security incidents and advising on remediation actions to avoid their recurrence.
• The position is also responsible for advising and recommending needed tools to improve the security posture of the bank and maintain high compliance levels.
• The Senior Manager - Information Security & Risk role will also be responsible for developing an information security awareness program for all functions to educate employees, and customers about the risks associated with the misuse of information resources and how to avoid them.
• The Senior Manager - Information Security & Risk will also be responsible for engaging and managing internal and external information security stakeholders’ relationships to ensure the bank remains compliant and aware of external requirements.

Main Responsibilities of the Job
• Develop, implement, and monitor a strategic, comprehensive information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled or processed by the bank.
• Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in Risk, Audit and IT). This includes hiring, training, staff development, performance management and annual performance reviews.
• To manage creation, maintenance and implementation of the bank information security awareness training program.
• Creating, leading, and managing cybersecurity strategies
• Oversee information security audits, whether performed by internal audit or third-party personnel.
• Manage security team members and all other information security personnel.
• Evaluate department budget and costs associated with technological development in cybersecurity.
• Define and communicate to the management, the key threats to the information assets.
• Assist in the investigation of security threats or other attacks on the information assets at the bank.
• Forecast potential threats to the business.
• Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.
• Manage the acquisition of additional information security solutions or enhancements to existing information security solutions to improve the overall information security posture.
• Lead, develop and implement the FinSOC program to ensure compliance with the regulator.
• Serve as a focal point of contact for the information security team, the customer and across the organization.
• Manage external stakeholders through regular engagements (BNR, NCSA..etc).
• Manage, configure, and test physical security, disaster recovery and data backup systems.
• Communicate information security goals and new programs effectively with other department managers within the organization.

Performance indicators
• Conduct a continuous gap analysis and vulnerability assessment of the bank in terms of information security to ensure the bank is always aware of its cybersecurity risks.
• Ensure the preparedness level of the bank is efficient by evaluating how well-prepared we are for any potential cybersecurity threat or attack.
• Review continuously the number of devices on the organization's network and whether they are fully patched up, up-to-date, and safe.
• Timely and effective management of information security incidents by ensuring the mean time to detect, to resolve, to contain, etc. are low.
• Prevent any intrusion attempts in the bank’s network by continuous monitoring of network devices logs and activities performed within the bank.
• Ensure our information security rating improve and remains excellent.
• Ensure system are properly patched on a timely manner.
• Provide comprehensive cybersecurity awareness training.
• Safeguard the bank from cybersecurity threats and attacks such as bots’ attacks, viruses, phishing attacks, ransomware and more.
• Measure and evaluate our cost per incident to minimize loss for the bank.
• Document and ensure compliance of all information technology policies, procedures, and processes.
• Develop a logical access matrix for each system used within the bank.
• Closely monitoring of the user system access of staff or external partners according to the logical access matrix of each node.
• Monitor data privacy and protection of the bank, its staff, and customers according to the Rwandan’s law especially on the protection of personal data and privacy.

Working relationships
• Executives and Heads of departments
• IT & Digital Information
• System and Database administrators
• Senior and Middle Managers
• External stakeholders

Professional, academic qualifications and experience
• Bachelor’s degree in computer science, Information Technology, or related field. Master’s degree in the related field is preferred.
• Professional certification in Cybersecurity such as CCNA/CCNP Security, ISO/IEC, or related field
• A minimum of seven years of IT experience, with five years in an information security role.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
• Remarkable experience in information security risk assessment and management.
• Knowledge and understanding of relevant legal and regulatory requirements.
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• A strong understanding of the business impact of cybersecurity tools, technologies, policies, procedures, and processes.
• Experience developing and maintaining policies, procedures, standards, and guidelines.
• A drive to learn and master new technologies and techniques.

Core competencies
• Visionary leader with sound knowledge of business management and a working knowledge of information security technologies Industry experience is preferred.
• Understanding of operating system internals and network protocols.
• Familiarity with Cybersecurity tools and technologies (e.g., SIEM, ESG, EDR, PAM, DAM and other related tools)
• Knowledge of the principles of cryptography and cryptanalysis.
• Experience in system technology security testing (vulnerability scanning and penetration testing).
• Familiarity in application technology security testing (white box, black box and code review).
• Highly familiar with related information security laws and regulations, including knowledge of Rwandan Data Privacy law.
• Proven abilities to take initiative and be innovative.
• Analytical mind with a problem-solving aptitude
• BSc/BA in Computer Science, Engineering, or relevant field.

Job Experience: No Requirements

Work Hours: 8


Experience in Months:

Level of Education:
Bachelor Degree

Job application procedure
• Interested candidate should apply online ( https://www.brd.rw/careers/  ) and upload application documents including Curriculum Vitae, copies of degree certificates and professional certificates, motivation letter, names of three previous supervisors (as one document) as well as their emails and telephone. Please be informed that you will receive a notification pop up message after successfully uploading your application.
• Only online applications shall be considered.
• Email only for inquiries (not application): recruitment@brd.rw 
• Address all applications to the Head, Human Capital, and Corporate Services of the Development Bank of Rwanda.
• Deadline for application: 15th December 2023
• The employment package is highly competitive/attractive.
• Due to expected high volume of applications, ONLY shortlisted applicants will be contacted.
• Done in Kigali, 1st December 2023

All Jobs

QUICK ALERT SUBSCRIPTION

Job Info
Job Category: Management jobs in Rwanda
Job Type: Full-time
Deadline of this Job: Friday, December 15 2023
Duty Station: Kigali
Posted: 01-12-2023
No of Jobs: 1
Start Publishing: 01-12-2023
Stop Publishing (Put date of 2030): 01-12-2066
Apply Now
Notification Board

Join a Focused Community on job search to uncover both advertised and non-advertised jobs that you may not be aware of. A jobs WhatsApp Group Community can ensure that you know the opportunities happening around you and a jobs Facebook Group Community provides an opportunity to discuss with employers who need to fill urgent position. Click the links to join. You can view previously sent Email Alerts here incase you missed them and Subscribe so that you never miss out.

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.