Head IT Security, Governance, Risk & Controls (X1)

Zanaco PLC is inviting applications from suitably qualified and experienced individuals for the following job aimed at contributing to the Bank’s strategic vision, in the Information Technology Division under the IT Security, Governance, Risk & Controls Department at Head Office:

Job Purpose

The role is responsible for Planning, Designing, Directing and Implementing the overall functions of the Applications Security Assurance, Information Technology Continuity, Network Security and Information Technology Security Operations as well as cross-functional engagements with the Integrated Risk Management (IRM) Team to ensure security and governance for the Bank countrywide. The responsibility oversees the enhancements and enforcement of all Information Technology Security Controls and Operations Policies, Procedures and Internal Controls that will drive the entire Security environment culture across the Division and the Business as a whole to assure compliance with applicable Regulatory and Legal requirements as well as Best Practices.

The role will ensure that the Bank’s Information Technology Business Strategy is achieved through continuous improvement and focusing on innovating new Security Solutions, adherence to Budget and Performance, designing risk controls and implementing Industry Best Practice across the Organization. The role holder will work across multiple frameworks and regulatory standards including, but not limited to, NIST, ISO, PCI-DSS and will liaise with all Business groups including but not limited to Legal, Compliance and other stakeholders within and outside Zanaco to implement new solutions and processes as well as document and remediate outstanding issues.

Under the supervision of the Chief Information Officer, the following are among the Job Key Responsibilities:

  • Creating and implementing a strategy for the deployment of information security technologies
  • Performing IT security risk assessments and reporting on ways to minimize threats
  • Monitoring security vulnerabilities and hacking threats in network and host systems
  • Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
  • Communicating with key stakeholders about IT security threats
  • Implementing an effective process for the reporting of security incidents
  • Developing strategies to handle security incidents and trigger investigations and overseeing the investigation of reported security breaches
  • Managing the IT security team, security experts and advisors
  • Complying with the latest regulations and compliance requirements
  • Managing the daily operation and implementation of the IT security strategy
  • Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
  • Running security audits and risk assessments and ensuring compliance and governance is met
  • Delivering new security technology approaches and implementing next generation solutions
  • Overseeing the management of the IT security department, giving leadership to the team and developing staff
  • Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced or a security breach occurs or in the event that the disaster recovery plan needs to be triggered
  • Protecting the intellectual property of the organization at all times
  • Devising strategies and implementing IT solutions to minimise the risk of cyber-attacks
  • Information Technology Business Continuity Risk Planning, Testing, Strategy, Implementation to ensure embedding of the Business Continuity Management culture and reporting.
  • Management and coordination of the Disaster Recovery Plan, updating it as and when it is needed, managing the Disaster Recovery Process as well as planning for the Disaster Recovery Functions of Information Technology
  • Responsible for Developing, Implementing and Monitoring Policies, Processes and Procedures for the overall Integrity of the Information Technology Disaster Recovery System for the Bank.
  • Inspection of Backup Procedures, Backup Storage, and Backup Data Integrity.
  • Coordinating all Information Technology related Audit Investigations with all Stakeholders to validate non-conformities, and spearhead the Process.
  • Planning and Management of Security Systems and Network across the entire Bank Topology and ensuring Network and Firewall Security and log Management.
  • Leading the Development and Implementation of a strong, cost-effective and coherent Network and Firewall Security Strategy for the Bank.
  • Management and Maintenance of Vendor relations for off-the-shelf Services and Service outsourcing for Information Technology Security.
  • Ensure Network Security Best Practices are implemented through Auditing: Router, Switch, Firewall Configurations, Change Control and Monitoring.
  • Responsible for Network Security Budgeting of Security Tools/ Training for Security Operations Analysts (SOC).
  • Designing and implementing Information Security in the Cyber Security Tools and Processes within the Bank Information Technology Security Team to ensure an overarching Data Security Strategy for the institution’s Threat Management and Response initiatives.
  • Regularly review Threat Intelligence and thus disseminate information and countermeasures concerning Threats and Vulnerabilities.
  • Provision of input to Technology Security Controls and Operations Strategy and Budget.
  • Provide Technical inputs, evaluate and recommend new and emerging security Products and Technologies.
  • Act as Risk Control Self-Assessment (RCSA) champion for IT Division and the entire Business.
  • Evaluate risk likelihood and impact and prioritize them for analysis and response planning.
  • Ensure that all risks applicable to any area are identified, assessed, reported and captured in the Risk Register.
  • Ensure all emerging risks are reported and mitigating factors put in place.
  • Identify, monitor and report Key Risk Indicators (KRIs) in respective unit/department.
  • Ensure to operate within the given risk appetites and report any breaches promptly.
  • Implement and Close all Audit recommendations, identified control weaknesses from Risk and Control Self-Assessments (RCSAs), Consultancy Reports or Customer Complaints and Risk events.
  • Participate in the annual review of Procedure Manuals when requested.
  • Ensure familiarization with and adherence to the Zanaco Enterprise Risk Management framework and participate in Risk Management Trainings organized by Integrated Risk Management (IRM) Unit.
  • Any other responsibilities as may be assigned by management

Internal/External Contact:

  • External: Vendors, Consultants, Industry Networks
  • Internal: All Divisions

Qualifications and experience

  • IT related Degree
  • Masters in ICT Security will be an added advantage
  • At least eight (8) years’ working experience in IT Technology, with experience in Banking
  • Certifications Required: ISO 27001, COBIT 5, ITIL, CISM, CISA, CISSP

Job Core Competencies:

  • Excellent communication skills – verbal and written
  • Presentation and Reporting skills
  • Leadership skills
  • Research/ Information gathering skills
  • Networking Skills
  • Stakeholder Management
  • Budget Management
  • Drive for results

Method of Application

All applications must have an application/cover letter and detailed curriculum vitae indicating the position being applied for in the subject line and should be sent by email:

Kindly note that you MUST attach copies of Grade 12 and Tertiary qualifications along with the application cover letter and curriculum vitae. Applications sent without these attachments WILL NOT be considered.

Zanaco provides equal opportunity in employment for all qualified persons and prohibits discrimination in employment (women are encouraged to apply).

Application deadline
26 Jul 08:59
Email applications to
Zambia National Commercial Bank (ZANACO)
Personal banking
Agribusines and SME business banking
Corporate finance
Electronic payment systems
Zambia National Commercial Bank, commonly known as ZANACO provides personal and business banking, corporate finance, Visa payment systems, investment and loan facilities. ZANACO is the largest financial services provider in Zambia. ZANACO has partnered with Zampost to allow customers to deposit and withdraw funds from their accounts from anywhere in Zambia. The bank has a special interest in agribusiness and small and medium enterprises, offering SMEs payroll solutions.