Job Description

Assistant Manager, Information Security (1)

JOB SUMMARY:

The Assistant Manager, IT Security is responsible for managing and enhancing the organization's cybersecurity framework, safeguarding the bank's systems, data, and network. This role includes deploying, monitoring, and maintaining a variety of security solutions, ensuring the protection of critical banking infrastructure. The Assistant Manager will oversee the deployment and administration of security technologies, collaborate with the security team, investigate and respond to security incidents, and stay current on evolving cyber threats to ensure a comprehensive defense against cyberattacks.

KEY RESPONSIBILITIES:

Financial - 15%

  • Ensure that the Bank is protected and least exposed to fraud losses by implementing technology prevention and detection measures.
  • Ensure effective measures are implemented to facilitate maximum recovery of funds lost through fraud.

Customer - 15%

  • Document, disseminate and maintain the system risk governance methodology, the system risk management policies and the Information Security Policy and Standards in line with minimum Baseline Security Standards and industry best practices and technologies. 
  • Maintain and enforce the system risk management and Information Security risk management framework/methodology. 
  • Promote and continuously improve the system risk-related and Information Security related activities.
  • Monitor and record in the risk register, compliance with the Security Standards, Policies and Architecture.
  • Assist in addressing regulatory, legal and commercial challenges because of unplanned events in the bank by applying technology-based solutions to information management and electronic discovery demands.
  • Communicate with management to ensure support for the information security program.

Operational - 70%

  • Endpoint Security: Ensuring the protection of all devices (desktops, laptops, mobile devices) within the organization. This includes deploying and managing security solutions such as antivirus software, encryption, and device management tools to prevent malware, data theft, and unauthorized access.
  • Identity and Access Management (IAM): Managing the processes and technologies that ensure only authorized users can access critical systems and data. This includes overseeing user authentication, role-based access control, password policies, and multi-factor authentication (MFA). 
  • Network Access Control (NAC): Implementing security policies to control and monitor access to the organization's network. NAC solutions are used to restrict access to network resources based on predefined security policies, ensuring that only trusted and compliant devices are allowed to connect. 
  • Security Operations: Overseeing daily security activities to monitor, detect, and respond to security incidents. This includes managing security information and event management (SIEM) systems, coordinating with the incident response team, and ensuring overall security monitoring is effective. 
  • Vulnerability Management: Identifying, assessing, and mitigating security vulnerabilities across the organization’s IT infrastructure. This includes regular vulnerability scans, patch management, and ensuring that identified vulnerabilities are addressed in a timely manner to prevent exploitation.
  • Email and Internet Security: Protecting the organization’s email communications and internet usage from threats such as phishing, malware, and spam. This involves deploying and managing email filtering systems, web proxies, and securing web applications to safeguard against cyberattacks.
  • Network Security: Ensuring the security of the organization's network infrastructure, including firewalls, intrusion prevention systems (IPS), and encryption technologies. The role involves protecting the network perimeter, monitoring traffic for anomalies, and ensuring secure communications both internally and externally.

KEY RELATIONSHIPS:

Direct Reports to this Position

  • N/A

Customers of this Position

  • Information Technology team 
  • All Staff
  • Auditors

Knowledge, Skills, and Experience Required for this Role

  • Minimum: A degree in STEM or related field
  • And Either: CISSP, CEH, CompTIA Security+, CompTIA Linux+, OSCP, CPENT, RHCE, RHCA
  • Experience: At least three (3) years’ experience in IT Security performing a similar role, or at least five (5) years’ experience in Systems Administration (Windows and Linux)

Competencies required for this Role:

1. Strong Technical Expertise in IT Security

  • Proficiency in network security, vulnerability management, endpoint protection, and threat detection technologies. 
  • Expertise in identifying, analyzing, and mitigating security risks across various platforms, including servers, endpoints, and cloud environments. 
  • In-depth understanding of incident response processes, including detection, analysis, and remediation.

2. Proven Experience in Deploying and Managing Enterprise-Level Security Solutions

  • Demonstrated experience in deploying, configuring, and maintaining enterprise-level security solutions such as firewalls, antivirus, intrusion detection/prevention systems (IDS/IPS), and encryption tools.
  • Ability to manage security solutions across complex IT environments, ensuring consistent enforcement of security policies and practices.

3. Expertise in Incident Response, Security Analysis, and Vulnerability Management

  • Strong experience in investigating and responding to security incidents, including malware attacks, data breaches, and network intrusions.
  • Proficient in conducting vulnerability assessments and implementing vulnerability management programs to identify, prioritize, and remediate security weaknesses.

4. Familiarity with Security Frameworks

  • Knowledge of security frameworks and standards, including ISO 27001, NIST, and PCI-DSS, and experience in implementing these frameworks to maintain compliance and best practices. 
  • Ability to assess, audit, and improve security posture based on these industry standards.

5. Excellent Problem-Solving, Communication, and Leadership Skills

  • Strong analytical skills to quickly diagnose security issues, identify root causes, and implement effective solutions. 
  • Ability to communicate complex security concepts clearly to both technical and non-technical stakeholders. 
  • Proven leadership abilities, with the capacity to guide and mentor junior team members and coordinate cross-functional teams to address security challenges.

Fill in the details below and upload your CV in pdf format to apply for this position.

Careers at SBM Bank Kenya | Join Our Team