  • Marketing / Consultancy

    Nairobi, Kenya

    54 Days remaining
  • Programme Officer / International Humanitarian Organization

    Bangkok, Thailand

    68 Days remaining
  • Other / Language Interpretation

    Nairobi, Kenya

    86 Days remaining
  • Accounting / Human Resource Management

    Nairobi, Kenya

    93 Days remaining
  • Research and Data Collection / International Research Institution- INGO

    Mombasa, Kenya

    85 Days remaining
  • Assistant Manager – Information Security & Data Privacy
    Full-time
    Nairobi, Kenya
    Closing Date: 30/06/2022
    13 days remaining
    Publish Date: 17/06/2022

  • Reports to: Senior Manager, Risk & Compliance


    Our client, a Microfinance Bank, is looking to fill the position of Assistant Manager – Information Security & Data Privacy.


    JOB PURPOSE

    The Assistant Manager – Information Security & Data Privacy will ensure overall compliance with laws and with regulatory, ethical and integrity standards.


    DUTIES AND RESPONSIBILITIES

    • Advising and monitoring data protection requirements, and escalating matters as appropriate to the Senior Manager, Risk & Compliance;
    • Facilitating compliance with data protection, privacy and banking confidentiality laws across the branches and subsidiaries;
    • Designing and assisting with the implementation of the privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting;
    • Recommending practical solutions across the Bank and its subsidiaries and sharing leading practices with all business stakeholders;
    • Acting as a point of contact with the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy and regulatory reporting.
    • Advising and training Senior Management and staff on data processing requirements provided under the law and facilitating capacity building and training to staff involved in data processing operations;
    • Promoting privacy by design working with local Product, Function and technology teams, and reviewing and advising on data protection impact assessments, where necessary; developing an understanding of data processing activities, data flows and associated privacy risks.
    • Ensuring Data Privacy Impact Assessments are undertaken in line with data privacy laws.
    • Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances;
    • Conducting regular assessments and ensuring audits are conducted to verify compliance with the Data Protection Act;
    • Advising on privacy-related considerations and requirements during the investigation of security incidents and advising on notifications to privacy regulators;
    • Advising on and following up on the implementation of new data protection, privacy and banking confidentiality laws;
    • Assessing risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding the Bank.
    • Assisting in the preparation of Executive Management reports and Board papers.

    Additional duties as assigned:

    • Ensure the implementation and enforcement of the Organization’s cyber security framework by maintaining an up-to-date knowledge base of the organization’s information assets.
    • Ensuring that information systems meet the needs of the Organisation by enhancing Information Security practices in the Organisation, including information security risk management and mitigation activities, security-in-design for information system development projects, and ensuring compliance with the overall business strategies, ERM framework, risk appetite and Organisation policies.
    • Review and advise on the cyber security controls with consideration of users at all levels of the organization, including internal users (i.e., management, permanent & contract staff and direct sales representatives) and third-party/external users (i.e., contractors/consultants, business partners and service providers).
    • Assessment of the confidentiality, integrity, and availability of the information systems in the Organisation, taking into consideration the following:
        • Detailed documentation of exceptions to the approved cyber security policies and procedures.
        • Cyber risk identification.
        • Assessment of the effectiveness of the approved cyber security program.
        • All material cyber security events that affected the Organisation during the period.
    • Maintain a comprehensive cyber risk register. Risk identification should be forward-looking and include security incident handling.
    • Review and advise on security audits, vulnerability, and threat assessments.
    • Creating and maintaining a register of comprehensive records of all data processing activities conducted by the Organisation, including the purposes of all processing activities, which must be made public on request.
    • Ensuring fulfilment of legal and contractual information security and privacy mandates
    • Review the Organisation’s network reports and systems on the Organisation’s SIEM and other security tools, and investigate all possible related incidents with recommendations on corrective measures.
    • Support the unit in the review of all relevant logs to identify and address activity that is not consistent with set out Information security guidelines and standards.
    • Review and test the resilience and preparedness levels attributed to the Organisation’s Business Continuity Plan

    QUALIFICATIONS, EXPERIENCE AND COMPETENCIES

    Minimum Qualifications & Experience

    • Undergraduate degree in ICT or any other related course
    • 5 years within a Risk or Compliance department or any control function in a financial institution
    • Experience in the interpretation and implementation of the Data Protection Act will be a distinct advantage
    • Experience in information security practices is desirable.


    Competencies

    • Expertise in compliance laws, rules, regulations, risks and typologies;
    • Excellent written, verbal, and analytical skills
    • Must be a self-starter, flexible, innovative and adaptive;
    • Highly motivated, strong attention to detail, team oriented, organized
    • Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
    • Awareness of regulatory requirements including local and international laws, regulations (FATCA & General Data Protection Regulation) and industry standards