Summary
Date Posted: Friday, September 22 2023, Base Salary: Not Disclosed

JOB DETAILS:
Job Purpose
• The Responsible for ensuring the safety and security of the Bank’s data assets, in addition to implementing and managing security measures that protect sensitive data from unauthorized access, theft, or damage. The role will also be responsible for identifying potential security risks and remediation of vulnerabilities within the organization’s data assets. This also includes the enforcement of security solutions to ensure that the Business is aligned and adheres to Data Security Management Policies, Processes, Procedures and Internal Controls that will drive the entire Data Security Management culture across the Division and the Business as a whole to assure compliance with applicable Regulatory and Legal requirements as well as Best Practices.
• Requirements

Job Responsibilities
• Design, implement and maintain IT security infrastructure and systems that integrate capabilities and technologies to address identified risks and enable strategic and/or tactical IT solutions that enable the business
• To ensure a secure business environment and protection of stakeholder value through ensuring availability, integrity and confidentiality of applications, networks and infrastructure as required by the business
• Apply industry standard risk management techniques and knowledge across various capabilities to determine the effectiveness of the deployed security Application/infrastructure/products and to create action plans that remediate identified risks.
• Implements and maintains a privacy governance framework to manage data use in compliance with applicable data protection regulations, including developing policies, standards and templates for data collection, and assists with data mapping, and vendor management reviews.
• Ensure that Data is secured and protected across the infrastructure through the implementation encryption and other techniques.
• Collaborates with the Information Security function(s) to maintain records of all data assets and exports and maintains a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications.
• Implementation of encryption technologies to data at rest and in-transit.
• Ensuring that application deployment and integration are implemented securely to ensure data security.
• Ensure that Third-Party integration with core infrastructure is implemented as per best practice.
• Support and participate in the IT Disaster Recovery Plan, DRP planning and testing
• Identify security shortcomings in application systems across the Bank and recommend appropriate policies to ensure that best practices and standards are complied with.
• Ensure that secure protocols are deployed across the infrastructure to ensure data security.
• Work with information systems analysts to refine web application penetration testing methods and breadth of security services.
• Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the application development cycle.
• Assist with periodic security risk assessments, IT security audits, and management reporting.
• Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model

IT Security Operations:
• Designing and implementing of Information Security to the Cyber Security Tools and Processes within the Bank Information Technology Security Team to ensure overarching of Data Security Strategy for the institution Threat Management and Response initiatives.
• Management and execution of all Data Security Incidents Reporting and Documentation.
• Ensure that multi-device management, multi-factor authentication, or identity management is implemented across core application to reduce the risk of a data breach.
• Monitors compliance and data practices internally to ensure compliance with the applicable requirements under various data privacy regulations.
• Facilitate secure ICT deployments to ensure Integrity, Confidentiality and Availability.
• Regularly review Threat Intelligence and thus disseminate information and countermeasures concerning Threats and Vulnerabilities.
• Ensure Data Security Compliance for all Bank Assets.
• Works with key internal stakeholders in the review of projects, related data, and agreements to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments
• Provide Technical inputs, evaluate and recommend new and emerging security Products and Technologies.

Vendor Management:
• Manage sourcing Strategy, Benchmarking and Contract Lifecycle.
• Accountable for Internal and External Service Level Agreements with other departments and various 3rd party Vendors/Service Providers.
• Research and make recommendations on hardware and software purchases and assist Procurement Management Tender Committee to ensure cost-effective purchasing decisions.
• Establish a Penalties System and imbed within the SLA to hold Vendors to be more accountable.
• To provide input into the development of Procurement governance guidelines. Risk Management:
• Evaluate risk likelihood and impact and prioritize them for analysis and response planning.
• Ensure that all risks applicable to any area is identified, assessed, reported and captured in the Risk Register.
• Ensure accurate and complete reporting of risk events within the stipulated time line (i.e. 7 calendar days).
• Ensure all emerging risks are reported and mitigating factors put in place.
• Identify, monitor and report Key Risk Indicators (KRIs) in respective unit/department.
• Ensure to operate within the given risk appetites and report any breaches promptly.
• Implement and Close all Audit recommendations, identified control weaknesses from Risk and Control Self- Assessment (RCSAs), Consultancy Reports or Customer Complaints and Risk events.
• Participate in the annual review of Procedure Manuals when requested.
• Ensure familiarization with and adherence to the Zanaco Enterprise Risk Management framework and participate in Risk Management Trainings organized by Integrated Risk Management (IRM) Unit.

• Work Level
• Senior
• Job Type
• Permanent
• Salary
• Market Related
• EE Position
• No
• Location
• Lusaka

Education Requirement: No Requirements

Job Experience: No Requirements

Work Hours: 8

Experience in Months:

Level of Education:

Job application procedure
• Interested and qualified? Click here to apply

All Jobs

QUICK ALERT SUBSCRIPTION