Job description

Job Purpose Statement

This role will drive the IT Governance, Risk and Compliance roles within Information Security department, by establishing the appropriate Information Technology and Information Security policy frameworks, driving compliance with best practice standards, regulatory requirements such as BNR regulations & data protection, and ensuring that IT risks are well managed and enshrined within the IT and Information Security departments.

This role will also manage the IT Business Continuity program, ensuring that IT services are available to the business and customers in the event of any unforeseen disruption, within the agreed service levels (RPO and RTO).

Key Accountabilities (Duties and Responsibilities)

Policy & Governance Framework 30%

• Custodian of Information Technology (IT) & Information Security (IS) policy and process governance frameworks.
• Manage the IT and IS policy framework, including creation, review, update, awareness and monitoring of policies.
• Keep up-to-date with regulations and prudential guidelines affecting information technology and information security, and continuously update the Bank’s policies, standards and procedures
• Administration and management of Information Technology and Information Security processes.
• Provide guidance to IT and Infosec by driving technology best practices (ITIL, ISO 27001, ISO 27701, PCIDSS), while enshrining these with the IT policies and practices.

Risk, Compliance & Audit Management 30%

• Risk champion for the IT and IS departments.
• Data Protection Officer for NCBA Rwanda
• Ensure compliance with IT and Infosec regulatory requirements and data protection
• Manage and act as the key liaison for all Internal and External IT and IS audit and risk assessment engagements.
• Manage the Information Security Awareness program and with external stakeholders, including awareness trainings, tools and reporting.
• Track and report on IT audit and risk findings, including managing IT management forums for discussion and reporting of these findings.
• Manage risk management tools and practices within IS; including Risk Control Self Assessments (RCSA) and Infosec risk registers.

Business Continuity Planning 20%

• Manage the Business Continuity Program (including IT Business Impact Analysis) within IT and Infosec.
• In liaison with the other IT stakeholders, maintain up-to-date disaster recovery plans and ensure recovery procedures are effective for restoration of key IT systems and therefore resumption of critical business processes
• Manage Disaster Recovery and backup testing schedules, reporting and remedial actions.
• Regular monitoring and reporting on any significant gaps on IT business continuity practices, including data replication and backups.

Customer 10%

• Work closely and maintain a positive working relationship with internal teams and outsourced partners in the remediation actions of incidents within SLA
• Direct and supervise the work of personnel and/or contractors assigned to the department.
• Monitor and communicate cybersecurity incidents and track the remediation
• Promote compliance culture within the Bank by providing guidance, training, consulting and coordinating cybersecurity compliance programs.
• Ensuring proper and prompt service delivery
• Maintaining effective communication with customers
• Demonstrating appropriate attitudes towards consumers

Learning and growth 10%

• Responsible for delivering the performance objectives set and managing his/her own learning and development to build capacity and avail him/herself for coaching and training opportunities.
• Achieve at least 50 hours of learning/training for both self and direct report through E-learning, Internal & External training activities.
• Actively seek to learn, grow and stay abreast of current developments/trends in relevant technical/professional knowledge areas
• Training and mentoring all bank staff around technology and cybersecurity aspects.

Stakeholder Management: key stakeholders that the position holder will need to liaise/work with to be successful in this role.

Internal

• IT Department
• Enterprise Risk Management & Compliance
• Internal Audit

External

• External Auditors
• Regulators

Ideal Job Specifications

• Bachelor’s Degree in, Information Systems, Computer Science, Information Security or related field required
• At least 4 years’ experience in IT, Information Security or IT Governance within a highly digitized organization.
• 2+ years’ experience conducting IT compliance assessments or IT governance and assurance/compliance assessments in an organization.
• Relevant certifications in IT & information security knowledge areas, such as ITIL, COBIT, Information Systems Audit, CISM, ISMS LI, Information Security Management or Business Continuity/Disaster Recovery.
• Knowledge of information security best practice & compliance standards.
• Knowledge and experience in audit management and reporting
• Prior experience working within a financial service organization will be an added advantage

Technical Competencies

• Knowledge to develop and manage Information Security strategy and policy frameworks.
• Technical skills to effectively perform IS security management activities/tasks in a manner that consistently achieves established quality standards or benchmarks.
• Knowledge to develop and manage Business Continuity and Disaster Recovery plans and processes.

• Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or benchmarks.
• Knowledge and application of modern IS security management practices and best practice compliance standards in financial services industry, to proactively define and implement security quality improvements in line with technological and product changes.
• Performance management to optimise personal and team productivity.

Behavioural Competencies

• Interpersonal skills to effectively communicate with and manage expectations of all team members and other stakeholders who impact performance.
• Self-empowerment to enable development of open communication, teamwork and trust that are needed to support true performance and customer-service oriented culture.
• Demonstrable integrity and ethical practices.