Zambia National Commercial Bank Plc (Zanaco) is inviting applications from suitably qualified and experienced individuals for the following job aimed at contributing to the Bank’s strategic vision, in the Risk Division under the Integrated Risk Management Department to be based at Head Office: –
o The Information Security Risk Head shall lead Information Security Risk Management planning to achieve business goals by prioritizing initiatives and coordinating information risk identification, evaluation, mitigation, deployment and management of controls.
o The role holder will provide direction and oversight of the Bank Information Security Risk Management strategy, development, implementation, and administration of information security risk practices, policies, plans, controls, projects and associated technologies aimed at protecting, defending and extending corporate information and business technologies.
Under the supervision of the Head Integrated Risk Management, the following are among the Key Job Responsibilities: –
o Provide leadership and oversight to our Incident Management Program, Vulnerability Management program and Information Security Risk mitigation strategies.
o Remain informed on trends and industry practices, including current and emerging technologies, cyber threats, and risks, to provide management and users with advisory insights on their relative importance and financial impact(s).
o Develop, track, and control the Information Security Risk annual operating and capital budgets for purchasing, staffing, and operations.
o Provide leadership and guidance with respect to the security objectives and controls for all Information and Technology related audit and regulatory findings or compliance issues.
o Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated strategic plans for system security and identity management based on industry-standard best practices.
o Reporting of key information security risk, Key Risk Indicators, emerging risks, performance matrices and continuous improvement programmes.
o Participate in the review of Information Risk on Information and Technology related projects and approve information security architectures associated with each initiative.
o Develop and oversee incident response planning as well as the investigation of information security breaches; creatively and independently provide resolution to information security problems in a cost-effective manner.
o Responsible for developing and executing information security risk assessments and incident management plans across the organization to ensure continuity of business operations and supporting technologies.
o Establish a market-leading information security and risk management posture and represent the Bank as an information security risk management expert with external customers and partners as required to deliver upon business objectives.
o Collaborate with the Head Integrated Risk, Departmental Heads and Divisional Chiefs to develop long term plans and objectives, incorporating the security of information in the Bank.
o Develop and lead an effective, efficient and collaborative Information Security Risk Management posture and set of processes.
o Ensure efficient management of demand and projects across all functional organisations.
o Any other responsibilities or tasks as may be assigned by management.
External: ZICTA, BAZ, security vendors
Internal: All Divisions
Qualifications and Experience
o Grade 12 certificate with a minimum of 5 credits, of which English and Mathematics are mandatory.
o University Degree in Information Technology or Related Field.
o Certifications: CISM, CRISC, CISA, CEH, CISSP, SCP, CISMP, ISO 27001/2, COBIT 5, PCI DSS or related Information Risk Certification.
o Must be a member of ISACA and/or ICTSZ.
o At least ten (10) years working experience in IT, five (5) of which must be in Information Security or Risk Management at a senior management level.
o Strong knowledge of Information Technology, Banking Applications and Network Security.
o Banking knowledge and strong business acumen.
o Familiarity with Zambian Laws on Cyber security.
o Familiar with ISO 27001/2, COBIT 5, PCI DSS.
o Knowledge of the Electronic Communications Act of 2009.
Job Core Competencies
o Highly developed interpersonal skills
o Planning and organizing
o Optimizing for the accomplishment of tasks
o Driving results
o Effective time management
How to Apply
All applications must have an application/cover letter and detailed curriculum vitae indicating the position being applied for in the subject line and should be sent by email to: