Information Security Department, Rwanda. Head of Information Security
KCB Group
Office
Rwanda
Full Time
KEY RESPONSIBILITIES:
Develop and implement the Bank’s cybersecurity vision, strategy, and program to ensure information assets and technologies are adequately protected and defended.
Developing and enforcing cybersecurity policies, standards, and procedures to ensure proper operations and maintenance of Technology assets.
Provide leadership to a team of cybersecurity experts in various areas, including applications, network, endpoint, hardware, data protection & privacy, cloud security, and architecture, through motivation, mentoring, and talent growth, in order to protect the bank’s assets from malicious actors and support the business to deliver on its strategic imperatives.
Collaborate with other stakeholders (Business leaders, Risk and Technology leaders) on topics related to ICT risk management, such as achieving compliance with internal policies, regulatory requirements, and international standards, in order to determine acceptable levels of cybersecurity and remain within the risk appetite of the Bank.
Serving as the Bank’s expert on cybersecurity protection, detection, response, and recovery, developing tactical and strategic plans of action with distinct delivery timelines to address material risks and any open internal or external audit items or regulatory issues, and tracking these actions to completion.
Preserve the confidentiality, integrity, availability, authenticity, accountability, non-repudiation, and reliability of BPR Bank’s technology infrastructure and data against aggression from internal and external threats.
Ensuring the properties of security, authenticity, accountability, non-repudiation, and reliability of information and information processing systems are preserved.
Promoting user awareness of good cybersecurity practices, current threats, and the bank’s cybersecurity policies & procedures among all BPR Bank’s employees, vendors, and customers.
Serving as Incident Handler in BPR Bank’s Cybersecurity Incident Response and Recovery Team (CIRRT).
Identifying and assessing ICT risks in conjunction with other units in Technology department, Control functions (Risk, Compliance, Audit, & Forensic) and Lines of Business, to determine their materiality.
Implementing appropriate transparency and escalation of all significant ICT risks through regular reports to Management, the Board, and other stakeholders, as well as priority notifications, to ensure minimum exposure to ICT risk.
Implementing technical controls in support of the Bank’s Data Privacy programs, on premises and on cloud, in line with General Data Protection Regulation (GDPR) and National Cyber Security guidelines.
DAILY RESPONSIBILITIES:
Provide leadership to a team of cybersecurity experts in various areas, including applications, network, endpoint, hardware, data protection & privacy, cloud security, and architecture, through motivation, mentoring, and talent growth, in order to protect the bank’s assets from malicious actors and support the business to deliver on its strategic imperatives.
Ensure that access to physical and logical assets and associated facilities is limited and controlled to authorized users, processes, and devices, consistent with the assessed risk of unauthorized access to authorized activities and transactions.
Interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, so that the bank’s assets are protected and the business is supported in delivering its strategic imperatives.
Ensure effective management of technical security solutions to ensure the security and resilience of systems and assets.
Ensure continuous security monitoring of the information system and assets to identify security events and verify the effectiveness of protective measures.
Ensure anomalous activity detection to understand the potential impact of events including attack targets and methods.
Ensure the organization complies with relevant security regulations and standards.
Academic & Professional

| Particulars | Detail | Specific Field or Qualification | Need Type |
| --- | --- | --- | --- |
| Education | Bachelor’s Degree | B.Sc. Information Technology / Computer Science / Telecommunications / Engineering or related field | RQ |
| Professional Course | | CISSP: Certified Information Systems Security Professional; CISA: Certified Information Systems Auditor; CISM: Certified Information Systems Manager; CCISO: Certified Chief Information Security Officer | RQ |
| Education | Masters | IT or business-related field | AA |
Experience

Total Minimum No of Years’ Experience Required: 8

| Detail | Minimum No of Years | Need Type |
| --- | --- | --- |
| Information Security Management | 5 | ES |
| Governance, Risk Management and Compliance | 5 | ES |
| Security Architecture and Engineering | 5 | ES |
| Security Program Management and Operations | 5 | ES |
| Communication and Network Security | 5 | ES |
| Identity and Access Management | 5 | ES |
| Software Development, Security Assessment and Testing | 5 | ES |
| Information Security Incident Management | 5 | ES |
| IT or Information Security | 8 | ES |
| Leading Teams | 6 | ES |
| Strategy Development | 4 | ES |
| Stakeholder Management | 6 | ES |
August 12, 2025