The Manager – Information Security and Business Continuity would serve as a second line of defense to undertake independent risk assessments, conduct independent testing, monitor resolutions of security issues, threats and vulnerabilities and act as a strategic advisor on information security issues. This role is responsible for defining and maturing the 2nd line of defense by providing assurances to management and the Board on the overall security posture of the organization. The Manager – Information Security and Business Continuity will also be responsible for technical and administrative support for the development of Disaster Recovery, Incident Response and Business Continuity programs for the Corporation.
Independently and proactively assess, monitor and report on the overall Information Security health and risk environment at the Corporation and recommend strategies for improvement. Ensure that best practice HR initiatives and activities are recommended and utilized as enablers for achieving business targets.
- Develop and implement an ongoing risk assessment program for information security.
- Conduct independent risk assessments and testing of systems, applications and processes to monitor adherence to information security policies and to identify control deficiencies.
- Recommend methods for vulnerability detection and remediation and oversee vulnerability testing.
- Recommend to ICT appropriate and effective controls and action plans to mitigate identified information security threats and risks.
- Development and maintenance of an Information Security risk register and monitor the resolution of security issues, threats and vulnerabilities to completion.
- Collaborate with ICT to determine acceptable risk levels for the enterprise and develop Key Risk Indicators (KRIs) and monitor management of risks within the thresholds of the Risk Appetite Statement.
- Develop and enhance Dashboards to report and monitor security risks.
- Develop, document, and maintain repeatable mechanisms to determine, measure, and report to management an accurate view of significant current and emerging information security related risks.
- Provide regular updates to executive management and the Board on the overall Information Security health and risk environment and the current status of the information security program.
Co-ordination of Business Continuity Management including disaster recovery and incident response.
- Coordinate the development and operationalization of the BCP Plan with internal and external stakeholders
- Develop, implement and lead an Incident Reporting and Response process to address information security incidents or breaches.
- Identify and prioritize risks and recovery methodologies and work collaboratively with the Chief Information Officer to incorporate cyber disaster recovery planning into the information systems disaster recovery and business continuity plans;
- Facilitate testing of the BCP plan including incident response and disaster recovery.
- Review Business Impact Analysis of various departments and provide advice on incorporation in BCP Plan
- Enterprise training and awareness on Business Continuity Management
- Reporting to the Steering committee on decisions regarding the BCP Plan
- Provides assessments of business continuity risks to management and the Board of Directors.
Promotion of a culture of Security Awareness throughout the Corporation.
- Coordinate the development and delivery of an education and training program on information security for employees and other authorized users.
- Initiate, facilitate and promote activities to create information security awareness throughout the Corporation
Formulation and maintenance of Information Security Policy in line with the Enterprise Risk Management Framework to protect the confidentiality, integrity, and availability of information at the Corporation.
- Lead the development, documentation and maintenance of the Corporation’s information security policies to ensure operating efficiency and regulatory compliance.
Provide advisory services to the enterprise on information security matters.
- Act as an expert in the Corporation’s Information Security offerings, policies, procedures and standards.
- Provide guidance and advice on adequacy of security measures for new systems, strategic initiatives and projects.
- Participate in Information Technology projects ensuring they are developed and deployed within the Information Security policy.
- Collaborate with ICT to evaluate information security adequacy related to third parties to ensure conformance to the Corporation’s policy.
- Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Disaster Recover, Management of Data, Network Architecture and Design, User Access Management and Management of Third Parties
Leadership, management, coaching and mentoring of the Team.
- Development of team members with respect to technical, attitudinal and behavioral skills.
- Identify and make recommendations for effective career management of team members.
- Performance Management of team members
- Ensure team members adhere to the HR and other policies and procedures of the Corporation
- Identify staffing deficiencies and recommend appropriate staff compliment for bench-strength required by the Corporation
The selected candidate must possess the following combination of qualifications, skills, training and experience:
- A First Degree in a relevant field from an accredited tertiary institution
- Minimum of seven (7) years’ experience in a similar leadership role. Experience within a similar role in a financial institution would be an asset.
- Post graduate Certificate in a related field will be an asset.
- Suitable combination of training and experience
- Professional certification in Information Security such as:
Certified Information Systems Security Professional (CISSP) or
Certified Information Security Manager (CISM)
Certified Business Continuity Professional (CBCP)
- High confidentiality and integrity
- Passion for delivering excellent customer service
- Strong leadership and interpersonal skills
- Excellent communication skills both verbal and written
- Strong analytical, research, problem solving and decision-making skills
- Effective planning, organizing, monitoring and implementation skills
- Very good negotiating skills
- Ability to manage multiple projects
- Ability to lead and work in teams
All applications should be submitted no later than October 30th, 2021.