Posted on :
18 Oct, 2019
18 Oct, 2019
Established in 1964, the African Development Bank (AfDB) is the premier pan-African development institution, promoting economic growth and social progress across the continent. There are 80 member states, including 54 in Africa (Regional Member Countries). The Bank’s development agenda is delivering the financial and technical support for transformative projects that will significantly reduce poverty through inclusive and sustainable economic growth. In order to sharply focus the objectives of the Ten Year Strategy (2013 – 2022) and ensure greater developmental impact, five major areas (High 5’s), all of which will accelerate our delivery for Africa, have been identified for scaling up, namely; energy, agro-business, industrialization, integration and improving the quality of life for the people of Africa. The Bank is seeking to build a management team that will lead the successful implementation of this vision.
Job Title: Head of Cyber Risk Unit, CHSA
The Vice-Presidency, Human Resources and Corporate Services (CHVP) ensures the delivery of efficient, people-centered, client-oriented, corporate services to ensure overall institutional effectiveness in all aspects of the Bank’s corporate services. The complex leads efforts to digitalize and transform the Bank into a knowledge-driven workforce, promote human resources policies that enhance talent, drive a performance -driven culture, and ensure the competitiveness of the Bank as the employer of choice. The complex ensures that all Human Resources and Corporate Services are re-aligned to drive greater corporate performance and execution of the Bank’s strategic vision and priorities. The complex is responsible for providing leadership in the formulation and implementation of Bank’s strategies on people, IT, General services and institutional procurements, Language Services, business continuity and, health and safety strategies
THE HIRING DEPARTMENT/DIVISION:
The Head of Cyber Risk will create a new Unit within the Bank to provide expertise and assistance to ensure the Bank’s infrastructure and information assets are appropriately protected. The Cyber Risk Unit will be responsible for the safeguarding of all bank’s Information Communication Technology (ICT) assets across all platforms, locations, and stakeholders. The Cyber Risk Unit will be part of Bank’s ICT lifecycle management to provide secure ICT solutions to the Bank. The Cyber Risk Unit will lead and provide cyber security technology solutions at the Bank, such activities include but are not limited to Security Operation Center (SOC), Cyber Incident Response, Threat Intelligence, Zero-day attack and defence, cloud security, mobile security, data security and application security. The Cyber Risk Unit will focus on developing and driving information risk strategies, policies/standards, ensuring the effectiveness solutions, ensuring appropriate risk policies and procedures such as user log-on and authentication rules, security breach, escalation procedures, and security assessment procedures. The Cyber Risk Unit will enforce information security policies and procedures, monitor data security profiles on all platforms and investigate risk scenarios.
The objective of this position are to:
Duties and responsibilities
The areas of responsibility for the head of the unit are the following categories:
The incumbent’s duties will include the following:
1. Ownership of the information security compliance vision, strategy and assurance including:
2. Strategic planning, Risk management plan and actions
3. Business Engagement
4. Lead Cyber Security Technology innovation at the Bank and provider highest level expertise advisory services to the senior management
5. Ensure all processes and access are in line with Bank policies.
6. Support internal and external audits.
7. Manage multiple projects with broad scope, ambiguity, and high degree of difficulty.
8. Maintain an advanced knowledge of all cyber risk principles, technologies and elements.
9. Understand the Bank global program structure, operations and support the High 5 strategy.
1. A Master’s degree in electrical engineering, systems engineering, computer science, computer engineering, information technology, management information systems, security and risk management or equivalent.
2. 8+ years’ work experience in relevant Information Security Risk position and 2+ years’ experience in a management role or a similar position or having equivalent skills and experience is highly desired. Practical experience with ISO 27000 is required. 3+ years’ experience in conducting or leading risk based information security assessments would be an added advantage.
3. Expert level experience in two or more CISO domains
4. Mandatory Certifications in ICT security (unless demonstrate the same level of knowledge):
5. Desired Security Certifications and experience (one or more):
6. Structured project management experience in deploying cyber risk related initiatives.
7. Broad experience in computer and network systems focused on IT and cyber risks.
8. Experience leading teams.
9. Knowledge of regulatory compliance, standards, and frameworks such as ISO, NIST, COBIT and PCI DSS.
10. Proven understanding of information security risk assessment and risk management procedures and methodologies.
11. Ability to correlate enterprise risk with appropriate administrative and technical security risk controls.
12. Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
13. Functional understanding and knowledge of information technology risk principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.).
14. Working knowledge of all operating systems
15. Dynamic and self-motivated to provide excellent services to the users
16. Have excellent interpersonal skills coupled with a collaborative style
17. Strong communication skills to enable effective engagement of team members and external providers.
18. Conflict resolution skills
19. Ability to advise senior management on complex systems development and related matters of significant importance to the institution; conceptual and strategic analytical capacity to understand information system and business operational issues so as to thoroughly analyze and evaluate critical systems matters.
20. Demonstrable experience in improving processes and approaches; demonstrable adaptability to changing priorities.
21. Keeps abreast of new developments in own occupation/ profession; good understanding of the new technology and industry trend.
22. Excellent team spirit, communication skill, both verbal and writing
23. Fluency in English and/or French with good working knowledge of other language.