Information Security Governance Officer at Providus Bank

ProvidusBank is an innovative financial institution that offers customised business solutions and advanced products that will not only answer your business and personal needs today, but also steer you into the future. Our tailored financial services delivery includes: Business Advisory, Portfolio Management, Personalised Relationship Management, Fast-tracked Service delivery and Self-service solutions.

Job Summary

The security governance team establishes and oversees the bank’s security strategy and compliance approach to information security requirements. Includes responsibility security policies and practices for conformance with mandatory legislation and regulations; strategic security plans for the technology to enable the organization's business strategy; transparent decision making, leading to the justification for investment, with the appropriate balance between stakeholder benefits, opportunities, costs, and risks.

Responsibilities

Principal Duties:

• Policies, Standards and Compliance
• Risk Assessment

Responsibilities:

Policies, Standards and Compliance:

• Review security policies, standards, and baselines for cyber security controls.
• Review Cybersecurity strategies and track strategic initiatives.
• Work with the relevant teams to ensure adequate compliance with defined policies, standards and baselines.
• Conduct regular reviews to ensure that policies, standards and baselines are up-to-date and are aligned with business requirements.
• Conduct information security awareness program for customers, staff/contractors.
• Ensure the bank’s continuous compliance with relevant regulatory requirements and applicable global standards such as Data Protection, ISO 27001, PCI DSS, ISO 22301, and other implemented best practices.
• Carry out performance reviews of the Information security management system.
• Work with the relevant teams to ensure compliance with the established policies.

Risk Assessment:

• Conduct periodic risk assessments of information assets, IT processes and banking products to ascertain the level of risk exposure.
• Review security configuration of IT assets to ensure compliance with leading practice.
• Perform periodic reviews of IT and cyber security functions to ensure compliance with the Bank’s standard operating procedures.
• Work with the relevant teams to track the remediation of identified gaps

Requirements

• Degree in Computer Science or any relevant information systems discipline.
• Knowledge of security standards and good practices, e.g., ISO 27001, PCI-DSS, NDPR
• Minimum five years’ experience working with any of the above standards.
• Must possess at least two of the following: CISM, ISO 27001, PCI-ISA, CDPSE, and ISO 22301, and other relevant certifications.
• Previous industry experience in the governance, risk and compliance
• Expert knowledge of information/cyber security standards: NIST, CIS, ISO Standards for information security, PCI DSS, and industry standards.

Method of Application