Assistant Manager – Information Security & Data Privacy
Posted 5 months ago
Industry: Commercial & Retail Industry
Reports to: Senior Manager, Risk & Compliance
Our client, a Microfinance Bank, is looking to fill the position of Assistant Manager – Information Security & Data Privacy.
The Assistant Manager – Information Security & Data Privacy will ensure overall compliance with laws, regulations, and ethical and integrity standards.
DUTIES AND RESPONSIBILITIES
- Advising and monitoring data protection requirements, and escalating matters as appropriate to the Senior Manager, Risk & Compliance;
- Facilitating compliance with data protection, privacy and banking confidentiality laws to the branches and subsidiaries;
- Designing and assisting with the implementation of the privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting;
- Recommending practical solutions across the Bank and its subsidiaries and sharing leading practices with all business stakeholders;
- Acting as a point of contact with the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy and regulatory reporting.
- Advising and training Senior Management and staff on data processing requirements provided under the law and facilitating capacity building and training to staff involved in data processing operations;
- Promoting privacy by design by working with local Product, Function and Technology teams; reviewing and advising on data protection impact assessments where necessary; and developing an understanding of data processing activities, data flows and the associated privacy risks;
- Ensuring Data Privacy Impact Assessments are undertaken in line with data privacy laws.
- Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances;
- Conducting regular assessments and ensuring audits are carried out to verify compliance with the Data Protection Act;
- Advising on privacy-related considerations and requirements during the investigation of security incidents and advising on notifications to privacy regulators;
- Advising on, and following up on, the implementation of new data protection, privacy and banking confidentiality laws;
- Assessing risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding the Bank.
- Assisting in the preparation of Executive Management reports and Board papers.
Additional duties as assigned:
- Ensuring the implementation and enforcement of the Organisation’s cyber security framework by maintaining an up-to-date knowledge base of the Organisation’s information assets.
- Ensuring that information systems meet the needs of the Organisation by enhancing information security practices across the Organisation, including information security risk management and mitigation activities and security-in-design for information system development projects, and ensuring compliance with the overall business strategy, the ERM framework, the risk appetite and Organisation policies.
- Reviewing and advising on cyber security controls with consideration for users at all levels of the Organisation, both internal (i.e., management, permanent and contract staff, and direct sales representatives) and third-party/external (i.e., contractors/consultants, business partners and service providers).
- Assessment of the confidentiality, integrity, and availability of the information systems in the Organisation, taking into consideration the following:
  - Detailed documentation of exceptions to the approved cyber security policies and procedures.
  - Cyber risk identification.
  - Assessment of the effectiveness of the approved cyber security program.
  - All material cyber security events that affected the Organisation during the period.
- Maintaining a comprehensive cyber risk register. Risk identification should be forward-looking and should include security incident handling.
- Reviewing and advising on security audits, vulnerability assessments and threat assessments.
- Creating and maintaining a comprehensive register of all data processing activities conducted by the Organisation, including the purposes of each processing activity, which must be made public on request.
- Ensuring fulfilment of legal and contractual information security and privacy mandates.
- Reviewing the Organisation’s network reports and systems on the Organisation’s SIEM and other security tools, investigating all possible related incidents, and recommending corrective measures.
- Supporting the unit in reviewing all relevant logs to identify and address activity that is not consistent with the established information security guidelines and standards.
- Reviewing and testing the resilience and preparedness of the Organisation’s Business Continuity Plan.
QUALIFICATIONS, EXPERIENCE AND COMPETENCIES
Minimum Qualifications & Experience
- Undergraduate degree in ICT or a related field
- 5 years’ experience in a Risk or Compliance department, or another control function, in a financial institution
- Experience in the interpretation and implementation of the Data Protection Act will be a distinct advantage
- Experience in information security practices is desirable
- Expertise in compliance laws, rules, regulations, risks and typologies
- Excellent written, verbal, and analytical skills
- Must be a self-starter, flexible, innovative and adaptive
- Highly motivated, strong attention to detail, team oriented, organized
- Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
- Awareness of regulatory requirements, including local and international laws and regulations (e.g. FATCA and the General Data Protection Regulation) and industry standards