Chief Information Security Officer - BFS

Principal Accountabilities

A) Information Security

1. Implementing, enhancing and overseeing the information security framework locally.

2. Working with all business units to determine possible risks and risk management processes.

3. Analyzing IT security threats in real-time and mitigating these threats.

4. Collaborate with CIO/CTO to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

5. Ensure that the Bank is compliant with the rules by relevant regulatory bodies and enforce adherence to security practices.

6. Planning, designing, and implementing an IT and network strategy for the company.

7. Managing the continuous maintenance of the IT network to ensuring optimum security levels are maintained.

8. Ensuring that no internal breaches or misuse of data take place.

9. Collaborate with business stakeholders across the company to raise awareness of risk management concerns and cybersecurity threats.

10. Help the entire business technology planning by offering current and projected understanding of systems and technology. Advise and assist in acquiring the correct technology.

11. Determining the cause of internal and external data breaches and instituting appropriate corrective action.

12. Be a subject matter expert on subjects alike Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection.

13. Implement and maintain the information security program to protect enterprise communications, systems, and assets. To ensure the uniform implementation of policies and standards across all technological projects, systems, and services, comprehend and communicate with related disciplines through committees.

B) Operational Risk

1. Lead implementation of enterprise-wide operational risk strategy and policy and work closely with all businesses and support functions. The primary responsibilities would be to report, assess, measure, monitor, and control and report operational risks for the company and evaluate whether the risk management practices are in line with the operational risk strategies and policies.

2. Monitor and report Key Risk Indicators for each function.

3. Analysis and reporting of Operational Loss events.

4. Continuous interactions with central functions and branches to reinforce the objectives of Operational Risk in strengthening of processes.

5. To facilitate the Risk & Control Self Assessments by active participation and verifying the results of such assessments.

6. Propose Risk Mitigation Plans for breaches.

7. Develop and implement Ops risk Strategies to mitigate risks arising out of Operational Risk events in the day-to-day operations of the company.

8. Implement Ops risk framework and conduct ORMC meeting at Periodical interval.

Education/ Experience/ Other information

- Qualification: Preferably a post-graduate with hands on exposure towards IT & Operational Risk areas

- Work Experience: 15 - 20 years in an Information Security role. Exposure to Banking / Financial Services is a must

- Required Behavioural Competencies: Leadership skills, Stakeholder management, Collaborative mindset.