Information Risk Analyst

Key Responsibilities

• Conduct periodic IT risk assessment to ensure all risks have been identified have been, brought to the attention of management and appropriate control measures implemented to mitigate risk;
• Provide information risk consultation and guidance during system, application development and e-product development to assure that security concerns are fully addressed in the process;
• Conduct operating systems, application security including web application and database security risk assessment      and report findings to management;
• Conduct logical and physical access control risk assessment to ensure systems security is not compromised;
• Be involved in periodic penetration testing to uncover any loopholes in the bank’s network;
• Review and accredit newly developed systems before deployment in live environment;
• Coordinate self-assessments, gap assessments, risk acceptance and other control related efforts with the business, controls and compliance functions;
• Liaise with Risk Heads in subsidiaries with a view of ensuring that Group standards are met;
• Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with IT department on effective responses or control measures within subsidiaries;

The Person

For the above position, the successful applicant should have the following: 

• BSc (Computer Science) or related field
• Professional qualification/Certification in CISSP, CISA, CISM, CRISC.  
• Master’s degree is an added advantage. 
• 4 years’ work experience in the same or related role, with at least: -
• 4 years’ experience in Information Technology (any domain). 
• 2 years’ experience in Information Risk Management
• 2 years’ experience in Systems Audit. 
• 1-year experience in Forensics is desired 
• 2 years’ experience in Information Security
• 2 years’ experience in Change and Project Management.