Group IT Risk and Information Security Manager

Closing Date: 
Wednesday, March 3, 2021
Location of the Job: 
Gaborone, Botswana
Reference Number: 
Group IT Risk and Information Security Manager
Company Letshego Holdings Limited
Reference # Group IT Risk and Information Security Manager
Published 22/02/2021
Contract Type Permanent
Salary Market Related
Location Gaborone, South East, Botswana
   
Introduction
The role exists to ensure that the Risks associated with delivering Technology Solutions and Services to Letshego Business is kept to an acceptable risk level. Reducing the recurrence of Audit findings through root-cause analysis. In addition ensuring that the Information and Cyber Security policies and frameworks are aligned to Financial Services best practices and acceptance levels of the Letshego Business owners.
   
Job Functions Information Technology,Investigation & Compliance,Risk Management,Safety & Security
   
Industries Banking / Finance & Investment,Financial Services
   
Specification
7.1.Lead team in defining road map for achievement of security maturity based on agreed standards (ISO,NIST,COBIT etc) for IT processes
7.2.Review of the Group’s critical assets, risk assessment and recommendation of appropriate and adequate IT security controls to mitigate and minimise information security risks.
7.3.Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with IT teams on effective responses or control measures and improvement of ICT program development, management and evaluation processes
7.4.Continuous evaluation of effectiveness of ICT controls in addressing risks to ensure consistency in achieving compliance requirements (regulatory, standards and internal policies). Includes coordination of efforts with third parties for penetration testing exercises.
7.5.Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
7.6.Produce regular management reports on the status of information risk and cyber risk across the organisation.
7.7.Ensure that IT Risk and Information and Cyber Security are aligned to Industry developments and opportunities associated with lower risk, higher efficiency or cost optimisation
7.8.Expected to provide oversight and management to Projects to ensure that Risk reduction, adherence to Information Security Policies are incorporated into solutions developed
7.9.Travel to different countries subsidiaries should be anticipated on a demand basis
7.10.Collect information to analyze and evaluate existing or proposed systems, with respect to risk evaluation and compliance to existing or new Information and Cyber Security Policies
7.11.Ensure that the Information Security Policies, Processes and Procedures adequately address the threats to the Group through IT Technology and its associated Customer touch points
7.12.Work with Banking Operations teams and IT Applications to determine areas of System Automation for efficiency, control and risk mitigation with intent to improve overall Service delivery
7.13.Lead Information and Cyber Security teams to ensure that Projects and initiatives are completed within agreed timelines and budget.
7.14.Align with Group & Vendor Project Managers, Scrum Masters, Product Managers and staff to ensure that resource planning, prioritisation of activities and commitments to project delivery are aligned and subordinates understand their roles and accountability
7.15.Establish a strong working relationship with Business Leads, Project Managers, Scrum Masters, Product Managers, Project team members and Vendors to ensure successful delivery of project objectives
7.16.Adheres to strict governance policy and procedures when executing job responsibilities and accountabilities are met, Internal Control Frameworks, Access Control is implemented to ensure appropriate segregation of duties and or where agreed mitigating controls are in place.
7.17.Understands and comply with all Group policies and procedures and ensure that these adhere to the highest level of controls.
7.18.Address control weaknesses and/or audit queries promptly and accountable Technology teams close all items before the designated closure date.
7.19.Drive access standards and rights to ensure segregation and or risk based control and ensuring access is reviewed and updated in accordance with Access policy.
7.20.Oversee IT related purchasing budget preparation and monitoring with support from Finance
7.21.Negotiation of prices and achieving best values on IT purchases
   
Requirements
•A degree or post graduate degree is essential – with key focus of the degree being on IT or related
•Minimum of 10 years overall Risk Management experience with an expected minimum of 7 experience at a Financial Institution or experience in similarly heavily regulated industries
•Experience with Governance and Risk Management Frameworks, ISO27K, NIST 800 and CSF, FFIEC, CIS Critical Security Controls, and Financial Institution Regulatory Requirements
•Understanding of ISO27001 and PCI-DSS security frameworks for implementation of Information Security Controls and Cyber Security prevention
•Working knowledge of SOC/NOC Operations and objectives
•People Management skills that incorporate leadership, advising, mentorship and execution of duties.
•Analytical skills to assess and develop Risk Mitigation methodologies and reduction of risk across the Group’s Technology footprint
•Cost Management and Financial Management for the planning and adherence to IT Budget
•Report Generation and Presentation development to present Technology Risk in an easy to understand way for business

Microsoft or Cisco certifications, Agile , Risk and Information Security certification

•Understanding of network administration and support, cyber security, disaster recovery
•Understanding of Microsoft Enterprise technologies
•Broad knowledge of IT infrastructure and Service Providers, including Public/Private Cloud
•Understanding of IT Infrastructure Virtualisation
•Strong knowledge of ITIL disciplines
•Broad knowledge of hardware, networks, operating systems, databases and information security in the context of Enterprise Technology Ecosystems
•Knowledge of change management processes
•Knowledge of Agile ways of working
•Working experience of cost management and adherence to budget planning and constraints
•Working Knowledge of Risk Management, Information Security and associated frameworks
•Working Knowledge of Audit processes, and ensuring compliance to reduce overall risks of Technology to the Business
•Influential and articulate presentation and negotiation skills.
•Able to convert technical jargon to a business audience.
•Good verbal and written communication skills.
•Good interpersonal and teamwork skills.
•Flexibility to respond and adapt to new, different, or changing situations, requirements, or priorities.
•Experience with overall infrastructure components like databases, storage, backup, network (WAN/LAN), firewalls, Enterprise Systems Management
•Report generation for Management Information
•Time Management skills ensuring that work effort is aligned to skills and demands of the organisation
Job Closing Date 08/03/2021
To apply click on the link: https://letshego.jb.skillsmapafrica.com/