Information Security Risk Officer – Douala
UBA Cameroon
Douala, Littoral, Cameroon
·12 Apr. 2024
·Non spécifié
·Informatique - Electronique - Numérique
·Ingénieur informaticien
- Provide highly skilled, specialist services to produce security risk management policies, framework in line with industry standards.
- Identify and build processes for risk identification, registration and tracking for remediation.
- Review current business processes and technological processes to ensure security requirements are embedded as part of business as usual activity.
- Quantify identified risks and associated impacts and ensure prioritization of risk remediation program.
- Ensuring security compliance to industry mandated standard and regulatory requirements through periodic assessment on information assets to minimize risks in UBA and across subsidiaries.
- Conduct training for in-country information security heads on security risk assessment methodology, 3rd party assessment and processes, policy waivers etc.
- Develop and maintain an executive centralized risk dashboard for group, Regional and subsidiaries reporting for all medium to high risk. Heat Maps, Top Risk trend etc.
- Reviewing the payment infrastructure technology infrastructure and identifying where critical gaps exist and recommend remediation actions.
- Perform internal risk assessment as part of Swift CSP and that of payment systems on payment infrastructure i.e. Cardholder environment as per PCI-DSS mandatory requirement.
- Perform internal risk assessment based on ISO 27001 mandatory requirement standards yearly to ensure compliance and maintain certification.
- Perform maturity assessment based on industry standards on security compliance standards
- To serve as subject matter expert on issues relating to Information Security risks
- Delegate, Empower, Motivate and develop subordinate team members/staff
- Manage Policy waivers by following up on all waiver requests to an acceptable conclusion.
- Responsible for providing work around controls to compensate for granted policy waivers.
- Championing the course of information security awareness for staff as and customers across the group
- Responsible for conducting 3rd Party security due diligence to ensure UBA’s security policies and standards are met by all suppliers across the UBA group.
- Develop appropriate metrics for measuring the effectiveness of the risk management program in achieving the acceptable risk and impact levels.
- Mature the information security risk management function.
- Information Security and Risk Management
- Information Security Awareness
- Knowledge of payment products and their dependencies
- Knowledge of Information security audit and review
- Knowledge of Data Communications
- Knowledge of Incident response and control
- In-depth use of Security Assessment tools
- IS security Product Knowledge
- Knowledge of Cryptography
- PCI DSS controls. SWIFT CSP, ISO Standards
- Ability to work in a Multicultural Environment
- Proven track record of achieving results and managing teams.
- Ability to build rapport with Senior Executives and Cluster/Regional Managers
- Constructively manage all stakeholders and break barriers
- Ability to build and lead effective and successful teams
- Analytical thinker combined with skills of thinking outside the box
- Ability to effectively use technology to leapfrog the competition
- Withstanding pressure without it having effect on efficiency or quality
- Open to change and ability to create and drive change
- Ability to deal with ambiguity and a changing environment
- Strong analytical and diagnostic skills
- Bachelor’s Degree in Computer Science, System Engineering or Application Engineering
- Industry Certified Security Professional, Professional Security Certification is preferred (e.g., CISSP, CISA, ISO-27001 LI/LA, etc.), PCI DSS and ISO 2700x, SWIFT CSP
- Relevant Security Experience, at least 05 years in Risk Assessment, Remediation and Compliance.
- Project Management Experience
» Années d'expérience: Entre 5 ans et 8 ans
» Niveau Académique Minimum: Licence