The African Export Import Bank (the "Bank") was established in Abuja, Nigeria in October, 1993 by African Governments, African private and institutional investors as well as non-African financial institutions and private investors for the purpose of financing, promoting and expanding intra-African and extra-African trade. The Bank was established under the twin constitutive instruments of an Agreement signed by member States and multilateral organizations, and which confers on the Bank the status of an international multilateral organization; as well as a Charter, governing its corporate structure and operations, signed by all Shareholders. The authorized share capital of the Bank is Five Billion United States Dollars (US$5 billion). The Bank, headquartered in Cairo, the capital of the Arab Republic of Egypt, commenced operations on 30 September, 1994, following the signature of a Headquarters Agreement with the host Government in August, 1994. It has branch offices in Harare, Abuja, Abidjan and Nairobi.
Reference No: LJBLR-ISGRM-0014
Nature & Scope
- The objective of the function is to play a critical role in supporting the development, implementation, and maintenance of information security policies, procedures, and practices to protect the Bank’s sensitive information and assets.
- He will collaborate with various teams to assess risks, identify vulnerabilities, and implement effective security measures to mitigate threats.
Functions
Specifically, the function aims to:
- Assist the Bank in information security governance and risk management activities.
- Assist the Bank in attaining information security objectives through the development of policies, guidelines and procedures.
- Ensure security policies and procedures are being implemented and maintained.
- Assist in regular internal and external audit exercises.
- Support the day-to-day operations of IT Security and Risk Management.
Duties and Responsibilities
The core tasks, duties, and responsibilities are listed below:
- Policy and Procedure Development: Collaborate with senior management and stakeholders to develop and update information security policies, procedures, and guidelines in accordance with industry standards and regulatory requirements.
- Risk Assessment and Management: Conduct risk assessments to identify potential threats and vulnerabilities to the Bank’s information systems and assets. Develop risk mitigation strategies and ensure their implementation across the organization.
- Security Awareness Training: Develop and deliver security awareness training programs to educate employees about information security best practices, policies, and procedures. Foster a culture of security awareness and compliance throughout the Bank.
- Incident Response and Management: Assist in developing and maintaining an incident response plan. Respond to security incidents promptly, investigate root causes, and implement corrective actions to prevent recurrence.
- Security Monitoring and Analysis: Monitor security systems and tools for suspicious activity, analyze security logs and reports, and investigate anomalies. Take proactive measures to detect and prevent security breaches.
- Compliance and Audit Support: Assist in ensuring compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001). Support internal and external audits and regulatory inspections.
- Third Party and Vendor Risk Management: Assess the security posture of third-party vendors and service providers. Review contracts and agreements to ensure compliance with security requirements and standards.
- Security Incident Reporting: Prepare and present regular reports on information security incidents, trends, and metrics to senior management and stakeholders.
- Provide recommendations for improving the organization’s security posture.
- Perform continuous security assessment of the Bank’s information systems security architecture.
- Perform continuous risk and control security assessment.
- Conduct regular logical access review and assessment.
- Stay abreast of emerging cloud technologies and proactively assess and evaluate the adoption thereof.
- Be responsible for thorough documentation of implementations via technical documentation and runbooks.
- Stay abreast of emerging security threats, vulnerabilities and controls and proactively provide recommendations and remediations.
Qualifications and Experience
- Bachelor's Degree in Computer Science / Information Technology / Computer Engineering / Engineering / Management Information Systems or other relevant degree from a recognized University;
- A Master’s degree in a relevant field or a recognized professional qualification in lieu;
- Relevant security certifications such as ISC2 CISSP, CISA, CISM, SANS, OSCP, CEH, or equivalent security-related industry certifications;
- Minimum of 5 years of proven experience in information security, risk management, or related roles.
Skills, Knowledge, and Attitude:
- Strong understanding of information security principles, standards, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework).
- Experience conducting risk assessments, vulnerability assessments, and penetration testing.
- Excellent analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
- Experience with Linux and Windows operating systems and cloud provider ecosystems such as Amazon AWS and Azure is a must.
- Practical knowledge of AWS foundation services related to compute, network, storage, content delivery, administration, security, deployment, and automation technologies.
- Experience in architecting, designing, and programming applications, and ample experience in high-level programming languages such as C++, C#, Java, Python, and Visual Basic.
- Good understanding of security assessment frameworks such as CIS Benchmarks and NIST.
- Experience with security tools and technologies (e.g., SIEM, IDS/IPS, DLP, endpoint protection).
- Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate security concepts to non-technical stakeholders.
- Ability to work independently and prioritize tasks in a fast-paced environment.
- Excellent verbal and written communication skills in English.
- Willingness to travel and to work long hours where required to achieve the Bank’s objectives.