Senior IT-Cyber Security Risk Management Officer

Job Summary

The Senior IT Cyber Security Risk Management Officer is responsible for performing IT cybersecurity risk analysis and strengthening proactive risk management across the Bank.

The role focuses on identifying control gaps, developing cybersecurity policies and procedures, conducting risk assessments, ensuring regulatory compliance, and supporting business continuity and disaster recovery programs.

Reports To

• Senior Manager - IT Cyber Security Risk and Business Continuity Management

Work Place

• Finfinne, Head Office

Key Responsibilities

• Design information security protection and management frameworks, guidelines, and best practices aligned with ISO 27001, NIST, and banking regulations.
• Lead enterprise-wide security architecture review and development.
• Oversee vulnerability assessments, penetration testing, and forensic IT investigations.
• Ensure remediation of identified security weaknesses and improve the Bank’s security posture.
• Develop and implement cybersecurity awareness and risk culture programs.
• Establish, implement, and monitor IT security policies, standards, and procedures.
• Ensure timely execution of security controls in line with internal and regulatory requirements.
• Track, monitor, and validate security issues and remediation actions.
• Provide management with regular reports on cyber risks, incidents, and emerging threats.
• Maintain and update enterprise risk registers.
• Perform IT and Cybersecurity Risk and Control Self-Assessments (RCSA).
• Assess inherent risks, control effectiveness, residual risks, and risk appetite metrics.
• Collaborate with Infrastructure, Application, and Internal Audit teams on governance and assurance.
• Ensure cybersecurity requirements are integrated into SDLC and IT operations.
• Liaise with regulators and oversight bodies regarding cybersecurity compliance.
• Develop and deliver cybersecurity training programs for staff.
• Lead Business Continuity Management (BCM) and Disaster Recovery (DR) activities.
• Conduct Business Impact Analysis (BIA), continuity planning, and DR testing.
• Ensure alignment between cybersecurity and BCM frameworks.
• Perform other duties assigned by the supervisor.

Qualification

• Master’s or Bachelor Degree in Information Communication Technology, Computer Engineering, Computer Science, Information Systems, Electrical and Computer Engineering, Management Information Systems, or related fields.

Experience

• Minimum 6 years of progressive experience in cybersecurity, preferably in the banking or financial services sector.
• At least 3 years of experience in Cybersecurity Governance, Risk Management, Compliance (GRC), and/or Business Continuity Management (BCM).
• Proven experience in risk assessment, regulatory compliance, and cybersecurity framework implementation.

Professional Certifications

• At least one of the following certifications is required:
• CRISC (Certified in Risk and Information Systems Control)
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CGEIT (Certified in the Governance of Enterprise IT)
• ISO 27001 Lead Implementer
• ISO 27001 Lead Auditor
• ISO 22301 Lead Implementer or equivalent certifications

Required Competencies

• Strong understanding of cybersecurity threats, trends, and emerging risks.
• Ability to design and monitor cybersecurity KPIs and KRIs.
• Strong knowledge of GRC and security management platforms.
• Capability to lead BCP, BIA, continuity planning, and DR testing.
• Strong IT and cybersecurity risk monitoring skills.
• Excellent reporting, presentation, and communication skills.
• Ability to build relationships with internal and external stakeholders.
• Strong knowledge of banking regulations including NBE directives.
• Ability to manage vendors, consultants, and third-party service providers.
• Strong analytical, problem-solving, and innovative thinking skills.
• Ability to align security controls with the Bank’s risk appetite.
• Integrity, professionalism, and ability to work under pressure.

Female applicants are encouraged to apply.

Skills Required:

• Computer / Software / It / Data