Information Security Risk Officer

State: Accra, Ghana
Country: Ghana
Deadline: 03/09/2021
Qualification: Masters Degree
Work Experience: 4 Years
Career Level: Mid Career
Industry: International Development

Information Security Risk Officer Summary

The Standard Bank Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems.


Information Security Risk Officer

As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISRO serves as the second line of defence

for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of

cyber security within the Bank.

The Group CISRO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third

party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Risk Officers

(ISRO) reports to the CISRO and performs a pivotal role as an extension of the CISRO in supporting the ICS risk management

strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions.

The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders,

including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

This role has oversight over Ghana, Cote D’Ivoire, Cameroon, Gambia and Sierra Leone or any other countries that may be assigned.

The successful Information Security Risk Officer  may be based in Ghana, Nigeria or Kenya

Strategy

The Information Security Risk Officer position is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS field.

The Information Security Risk Officer will have a strong understanding of operating in a second line capacity within an ICS or risk management

organization, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements.

The role reports directly to the Head ISRO Africa.

The Information Security Risk Officer  will work closely with the CISRO and others to address ICS as a principal risk type for the Bank and support its

integration into the Bank’s overall Enterprise Risk Management strategy.

The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to the country

leadership as defined in the Bank’s ICS Risk Type Framework and under delegation from the Group CISRO.

Business

The primary purpose of this position to ensure that the management of ICS risk is operating effectively and efficiently and to

provide assurance that ICS risk is appropriately managed.

The role will support the CISRO in their role as the Bank’s executive accountable for ICS risk.

The successful candidate will work closely with the ISRO Head, Africa, the Security Technology Services team, and Country CRO,

CIO, and Compliance Officers, as well as other key stakeholders to drive requirements and help set priorities for ICS strategy and

investment based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and

standards, and technology infrastructure.

In addition, given the rapidly evolving ICS regulatory environment, successful candidate will have a strong acumen for working with

regulators and understanding ICS policy with an ability to articulate new requirements into ICS risk management assessments and processes.

Processes

The major functional activities that the role will lead and manage are:

Delegation of Authority from the CISRO for ICS risk management engagement;

Overseeing and challenging 1st line ICS risk proposals and risk-taking activities;

Intervening in 1st line activities if they are not in line with existing or adjusted Risk Appetite;

Monitoring of ICS risks and associated remediation plans using the CISRO Governance Risk Type Framework;

Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the CISRO Policy team and

escalate significant regulatory non-compliance matters and developments to the Group CISRO; and

Promoting a healthy ICS risk culture and good conduct.

People and Talent

Lead through example and operate with the appropriate culture and values.

Uphold and reinforce the independence of the second line ICS Risk function.

Risk Management

Deliver the defined aspects of the ISRO role to support the Group’s ICS risk management approach and objectives.

Ensure that the role is managed in accordance with the defined CISRO Governance Risk Type Framework and associated Policy and

Standards; and that issues are identified, escalated and addressed as appropriate.

Governance

Establish strong ties into the relevant country leadership, governance, risk and control committees to ensure adequate monitoring,

tracking and governance of ICS risk.

Drive integration of ICS Risk Type Framework and utilise for the ongoing governance of country risk.

Regulatory & Business Conduct

Display exemplary conduct and live by the Group’s Values and Code of Conduct.

Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across

Standard Chartered Bank.

This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the

Group Code of Conduct.

Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association

Key Stakeholders

Country CRO

Country CIO

Country COO

Country Compliance Officer

Country CEO

Banking Regulators

Global Head, Security Technology Services

Head of ICS Governance

Head of ICS Policy

Group Internal Audit

Head of ICS Assurance and Testing

 

Head of ICS Training, Awareness & Exercises

Other Responsibilities

Establish strong relationships with identified stakeholders and understand their strategic goals, in order to ensure ICS alignment.

Articulate the value of ICS controls and their bottom-line impact on security and resiliency.

Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.

Perform Delegation of Authority (DoA) responsibilities for CISRO as defined for the countries.

Measure efficient and effective management of ICS risk for the countries.

Validate the accuracy of KRI’s and KCI’s and other risk ratings, as well as process designs, to meet policy requirements.

Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.

Build trusted working relationships with other security functional heads, risk and compliance counterparts, and country stakeholders.

Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the countries.

Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

Monitor, assess and advise countries on acceptable risk tolerances based on policy and control environment and the evolving

regulatory and threat landscape.

QUALIFICATIONS:

Proven experience in an information security office, governance and policy, ICS or Operational Risk or Audit role

Bachelor’s Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline.

Professional certifications are desirable (e.g., CRISC, CISA, CISSP, CISM, GIAC etc).

Thorough understanding of IT security business processes, risks, threats and internal controls.

Ability to collect and analyse data, establish facts and make recommendations based on sound risk management principles.

Technical knowledge across a broad range of ICS capabilities including Cyber Defence, Security Monitoring, Analytics, DLP, Access

management, Cloud etc. etc.

A passion for keeping technical knowledge and skills up to date and horizon scanning new and emerging thematic risks from new

technology or technology.

Strong knowledge of cyber security frameworks, information security principles, architecture.

Ability to articulate gross and residual risk with specific ability to clearly, concisely and accurately communicate complex technology

and process risk to non-technical stakeholders in a lucid way.

Strong interpersonal and stakeholder management skills with experience across various levels in the organization including senior

MD leadership teams, in influencing key decisions taken in the business and in support teams.

Proven experience of demonstrating resilience and having a strength of character.

Excellent English communication skills oral and written.

Must be a self-starter who is able to initiate and successfully drive initiatives to completion with little or no management supervision.

Strong analytical skills and an ability to prioritise, make decisions, and work to tight timeframes.

Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.

Apply now to join the Bank for those with big career ambitions.

To view information on our benefits including our flexible working please visit our car

About Standard Chartered Bank in Ghana

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit.

It’s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our

brand promise, Here for good.

We’re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can

realise their full potential and make a positive contribution to our organisation.

This, in turn, helps us to provide better support to our broad client clients

Full list Of Current ICT jobs in Ghana 2021

Tagged as: , ,

Information Security Risk Officer

Contact us

Standard Chartered Bank
Open chat
Chat with us