Governance, Risk, and Compliance (GRC)

MigrationIT.com

Office

Cairo, Egypt

Full Time

  • Develop and update the annual Information Security RCSA review for the Information Security function.
  • Perform the annual information security review for the IT infrastructure and applications. Maintain technology risk registers on Archer and ensure identified risks are remediated according to security guidelines.
  • Act as second eye and checker for IT-RCSA reports to support other functions.
  • Coordinate with third-party assessors to maintain Risk Assessment reports to support bank accreditation (PCI-DSS, ISO 27K, ISO 22301K, etc.) and Attestation.
  • Coordinate with IT on risk control self-assessment of IT service catalogue services, including defining, monitoring, and measuring KPIs and KRIs. Coordinate with internal, external, and regulatory auditors for the security risk management domain.
  • Review IT concept design, solution design, applications, and documents to identify security risks.
  • Perform Technical Risk Assessment activities on major infrastructure changes/IT projects to ensure that mandatory controls are implemented. Coordinate with the SOC team to identify and escalate unauthorized changes to critical IT assets performed by IT.
  • Escalate violations for disciplinary action. Review project BRD documents to ensure that Information Security is a primary stakeholder in business projects and that project implementation follows Bank Information Security & BC standards and is aligned with CBE regulations.


Requirements

  • 3-5 years in the field of information security. Experience with risk assessment methodology and approaches according to international standards, best practices, and frameworks. Knowledge of organizational processes and procedures.
  • Background and experience in Cybersecurity and risk management.
  • Knowledge and experience of Cybersecurity controls and best practices.
  • Ability to conduct risk assessments to identify gaps, recommend required controls, and monitor treatment actions. Hands-on experience with Governance, Risk, and Compliance tools.
  • Adequate knowledge of local and international information security standards, e.g. CBE regulation, ISO27001, PCI-DSS 3.2.1, NIST.
  • Experience in banking operations.
  • Preferred certifications: CRISC, CISSP, ISO27001LA/LI.


September 24, 2025