African Development Bank (AfDB) Recruitment for Head of Cyber Risk Unit, CHSA
Applications are invited from interested and suitably qualified candidates for AngloGold Ashanti Recruitment for Head of Cyber Risk Unit, CHSA.
Established in 1964, the African Development Bank (AfDB) is the premier pan-African development institution, promoting economic growth and social progress across the continent. There are 80 member states, including 54 in Africa (Regional Member Countries). The Bank’s development agenda is delivering financial and technical support for transformative projects that will significantly reduce poverty through inclusive and sustainable economic growth. In order to sharply focus the objectives of the Ten Year Strategy (2013 – 2022) and ensure greater developmental impact, five major areas (High 5s), all of which will accelerate our delivery for Africa, have been identified for scaling up, namely; energy, agro-business, industrialization, integration and improving the quality of life for the people of Africa.
Job Description
- Company: African Development Bank
- Location: Ghana
- State: Accra
- Job type: Full-Time.
THE POSITION:
The objectives of this position are to:
- Be responsible for the safeguarding of all Bank’s Information Communication Technology (ICT) assets across all platforms, locations and stakeholders. Additionally, the incumbent will play a central role in refining the broader information technology risk program across the bank, and will be responsible for ensuring compliance of all third-party providers with the information security standards.
- Establish a complete vision for cybersecurity practices for the Bank and management of security policies, procedures, guidelines, and standards. This includes roadmaps for evolving the ICT security architecture, associated toolsets, security processes, etc.
- Lead Cyber Security innovation at the Bank and provide innovative ICT security solutions to address business and technology challenges
- Provide solutions to the Bank’s ICT and business project team, ensuring that information and technology security requirements, including confidentiality, integrity, and availability, are managed and the project objectives are achieved.
- Plan, execute, and manage multi-faceted projects related to cyber risk management, mitigation and response, compliance, control assurance, and user awareness.
- Update, maintain and document information controls and provide direct support to the Bank’s internal IT structures.
- Be responsible for leading and coordinating, articulating, and tracking actions related to developing and driving the implementation of a new Cyber Risk Unit ensuring effective cyber security risk management practices, risk based planning and engaging with business Departments on a wide range of cyber risk matters to achieve the overall business objectives of the Bank.
- Oversee activities as assigned, primarily within risk management, and lead technical projects across all technical areas to mitigate cyber risks.
Duties/Responsibilities
The areas of responsibility for the head of the unit are the following categories:
- Governance & strategy: Making sure all of the above initiatives run smoothly and get the funding they need — and that corporate leadership understands their importance
- Security operations: Real-time analysis of immediate threats, and triage when something goes wrong
- Cyber risk and cyber intelligence: Keeping abreast of developing security threats, and helping the board understand potential security problems that might arise from acquisitions or other big business moves
- Data loss and fraud prevention: Making sure internal staff doesn’t misuse or steal data
- Security architecture: Planning, buying, and rolling out security hardware and software, and making sure IT and network infrastructure is designed with best security practices in mind
- Identity and access management: Ensuring that only authorized people have access to restricted data and systems
- Program management: Keeping ahead of security needs by implementing programs or projects that mitigate risks
- Investigations and forensics: Determining what went wrong in a breach, dealing with those responsible if they’re internal, and planning to avoid repeats of the same crisis
The incumbent’s duties will include the following:
1. Ownership of the information security compliance vision, strategy and assurance including:
- Strategic planning for Cyber Security Risk Management at the Bank, including situation assessment, vision and mission, objectives, road maps for short, medium, and long terms.
- Evaluation and interpretation for AfDB of industry best practices (NIST, ISO, SANS, COBIT, CERT) and compliance requirements (Legislative, Regulatory).
- As appropriate – ownership, sponsorship, management, support and supervision of information security assessments, audits and ongoing monitoring.
- Information security threat and vulnerability management, incident reporting, event management, event investigation and analysis.
- Ownership of the information security project portfolio, including developing new or improved capabilities and addressing areas for needed remediation.
- Overall stewardship and sponsorship for AfDB Enterprise IT Risk management strategy.
2. Strategic planning, Risk management plan and actions
- Develop enterprise cyber security risk management strategy to address short term, medium term, and long term needs.
- Design, develop and maintain Enterprise Information Security Architecture (EISA) by aligning business processes, IT software and hardware, local and wide area networks, people, operations, and projects with the organization’s overall security strategy
- Perform external analysis of the organization (e.g., analysis of customers, competitors, markets and industry environment) and internal analysis (risk management, organizational capabilities, performance measurement etc.) and utilize them to align information security program with organization’s objectives
- Identify and consult with key stakeholders to ensure understanding of organization’s objectives
- Define a forward-looking, visionary and innovative strategic plan for the role of the information security program with clear goals, objectives and targets that support the operational needs of the organization
3. Business Engagement
- Engage with business leaders on risk matters ranging from policy and governance to security risk operations.
- Provide active expert-level support to the Bank’s ICT and business project team to ensure on-target, on-time and on-budget delivery of the projects to meet business needs.
- AfDB has adopted a “Cloud first” strategy. Cloud-based platforms and software-as-a-service (“SaaS”) are widely used by IT and business units at the Bank. The incumbent will lead the unit to develop a cloud security strategy and be accountable for the implementation of the strategy.
- Provide administrative and tracking actions to the Vice President CHVP, while interfacing with the Business Continuity Unit, the Physical Security Unit, the Information Technology Department, the Operational Risk Team and the Group Chief Risk Officer.
- Lead and ensure coordination and consensus with other Bank teams to align processes and procedures to ensure a common approach to cyber risk management activities.
4. Lead Cyber Security Technology innovation at the Bank and provide the highest level of expert advisory services to senior management.
5. Ensure all processes and access are in line with Bank policies.
6. Support internal and external audits.
7. Manage multiple projects with broad scope, ambiguity, and high degree of difficulty.
8. Maintain an advanced knowledge of all cyber risk principles, technologies and elements.
9. Understand the Bank’s global program structure and operations, and support the High 5 strategy.
Selection Criteria
1. A Master’s degree in electrical engineering, systems engineering, computer science, computer engineering, information technology, management information systems, security and risk management or equivalent.
2. 8+ years’ work experience in relevant Information Security Risk position and 2+ years’ experience in a management role or a similar position or having equivalent skills and experience is highly desired. Practical experience with ISO 27000 is required. 3+ years’ experience in conducting or leading risk based information security assessments would be an added advantage.
3. Expert level experience in two or more CISO domains
4. Mandatory certifications in ICT security (unless the candidate demonstrates the same level of knowledge):
- CISSP
- CISM and/or CISA
5. Desired Security Certifications and experience (one or more):
- Certified Ethical Hacker
- CCIE security
- SANS cyber defence
- Threat Intelligence
- Kali penetration testing
6. Structured project management experience in deploying cyber risk related initiatives.
7. Broad experience in computer and network systems focused on IT and cyber risks.
8. Experience leading teams.
9. Knowledge of regulatory compliance, standards, and frameworks such as ISO, NIST, COBIT and PCI DSS.
10. Proven understanding of information security risk assessment and risk management procedures and methodologies.
11. Ability to correlate enterprise risk with appropriate administrative and technical security risk controls.
12. Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
13. Functional understanding and knowledge of information technology risk principles, standards, and processes (such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.).
14. Working knowledge of all operating systems
15. Dynamic and self-motivated to provide excellent services to the users
16. Have excellent interpersonal skills coupled with a collaborative style
17. Strong communication skills to enable effective engagement of team members and external providers.
18. Conflict resolution skills
19. Ability to advise senior management on complex systems development and related matters of significant importance to the institution; conceptual and strategic analytical capacity to understand information system and business operational issues so as to thoroughly analyze and evaluate critical systems matters.
20. Demonstrable experience in improving processes and approaches; demonstrable adaptability to changing priorities.
21. Keeps abreast of new developments in own occupation/profession; good understanding of new technology and industry trends.
22. Excellent team spirit and communication skills, both verbal and written.
23. Fluency in English and/or French with good working knowledge of another language.
How to Apply
Interested applicants should CLICK HERE to apply.