Senior Manager - Cybersecurity Risk

D360 Bank

The role is responsible for managing and overseeing the organization s information security risk management framework. This role ensures that security risks are identified, assessed, mitigated, and reported in alignment with regulatory requirements, business objectives, and industry best practices. He/she also supports incident management, policy development, and compliance initiatives to strengthen the organization s security posture.

Preferred Qualifications

• A tertiary level qualification from a recognized institution
• Industry-recognized certifications in CISSP, CISM, CISA, CRISC, or ISO 27001 or other relevant certifications preferred.

Years & Nature of Experience

• Recommended 5 to 7 years of equivalent experience where required competencies and experience has been demonstrated in Enterprise and Information Risk Management, IT industry standards, and compliance.
• Demonstrable experience of information risk management techniques, frameworks, and practices
• Strong knowledge and understanding of regulatory compliance requirements, internal audit concepts, standards and processes
• In-depth internal control knowledge of core IT technologies and processes.
• Excellent analytical, problem solving and decision-making skills, applied with a solution-focused attitude.
• Performing cybersecurity related impact and risk assessments.
• Communicating how gaps in knowledge from monitoring or threat intelligence impacts on effectiveness of cybersecurity strategy.
• Using risk scoring to inform performance-based and cost-effective approaches to help an organization manage its cybersecurity risk.

Technical Competencies

• Governance, risk, and compliance (GRC)
• Information security frameworks

Behavioral Competencies

• Communication
• Problem Solving
• Attention to detail
• Analytical Thinking
  

• Effectively communicate cybersecurity risks and posture to senior management.
• Develop security risk profiles of computer systems by assessing threats to, and vulnerabilities of, those systems.
• Develop risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
• Develop specific cybersecurity countermeasures and risk mitigation strategies.
• Develop statements of preliminary or residual cybersecurity risks for system operation.
• Ensure that decisions relating to cybersecurity are based on sound risk management principles.
• Perform risk analysis whenever an application or system undergoes a major change.
• Provide input to the risk management framework and related documentation.
• Ensure cybersecurity risks are identified and managed appropriately through the organization's risk governance process.
• Carry out a cybersecurity risk assessment.
• Work with others to implement and maintain a cybersecurity risk management program.
• Identify and assign individuals to specific roles associated with the execution of the Risk Management Framework.
• Establish a risk management strategy for the organization that includes a determination of risk tolerance.
• Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis.
• Work with organizational officials to ensure continuous monitoring tool data provides situation awareness of risk levels.
• Use continuous monitoring tools to assess risk on an ongoing basis.
• Develop methods to effectively monitor and measure risk, compliance and assurance efforts.
• Determine and document supply chain risks for critical system elements, where they exist.
• Perform any other duties assigned to by line manager related to the nature of the work
• Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.