DIGITAL SECURITY AND RESILIENCE MANAGER – Bancabc 175 views

Key Responsibilities

• Plan resource requirements based on monthly/quarterly security and resilience targets and risk posture.
• Lead the Security & Digital Resilience Strategy aligned to bank strategy and global standards (e.g., NIST CSF outcomes & BIS Security-resilience).
• Lead the Security Governance Plan across Technology Services, including the full policy/standard/procedure lifecycle (draft, review, approve, communicate, measure compliance).
• Lead the annual Security & Information Security Plan covering risk assessments, control implementation, awareness, detection, response, recovery and continuous improvement.
• Lead the Technology Risk Plan with Enterprise Risk: maintain risk register, top risks, treatment plans, KRIs, thresholds and escalation paths.
• Integrate Business Continuity & Operational Resilience: define critical services, dependencies, impact tolerances and test scenarios with business owners.
• Establish annual goals, objectives and operating procedures for Security, Resilience & Risk with Technology Heads.
• Update Security & Governance policies, standards and procedures (cloud, data protection, IAM/PAM, incident, DR/BCP, vulnerability, third-party); submit for approval; communicate and track attestation.
• Formulate the Security & Resilience budget (OPEX/CAPEX) and submit for consolidation.
• Manage utilisation, track variances and reforecast.
• Optimise tooling/licensing and operating costs (SIEM/EDR/PAM/DLP/CSPM).
• Oversee preventive controls that avoid financial loss from misconfigurations or fraud exposure.
• Lead design, testing, control and maintenance of security and resilience capabilities (EDR/XDR, SIEM/SOAR, IAM/PAM, DLP, WAF, CSPM/CWPP, HA/failover).
• Enforce change management for security-relevant changes.
• Oversee intrusion detection & coordinated incident response with SOC and Infra/App teams.
• Identifying and Recommending schedules for security improvements, reconfigurations, upgrades, and/or purchases in liaison with the line managers.
• Coordinate penetration testing and vulnerability management; drive timely remediation.
• Maintain SIEM/SOAR use-case roadmap mapped to threat model and resilience observability (failover readiness, health thresholds, capacity).
• Preparing monthly incident reports on security breaches and submit to the Head Technology Services.
• Review user access/privileges (IAM/PAM); run quarterly certifications; ensure emergency access (“break-glass”) resilience.
• Preparing Regulatory Technology Services and Board reports and submits to the Head Technology Services.
• Embed security and resilience in SDLC (SAST/DAST/IAST, SCA, secrets mgmt, resilience patterns such as circuit breakers/bulkheads/graceful degradation).
• Ensure participation in UATs with security/resilience acceptance criteria.
• Prepares Technology Risk sign-offs for new and existing products and services and submits to Risk department.
• Identify vendors/tools with Procurement; evaluate security and resilience capability and fit.
• Maintain procedures to identify/measure/monitor/control technology and resilience risk (SPOFs, capacity, fragility, recovery capability).
• Compile monthly risk reports on internal/external developments (threat intel, emerging risks, lessons learned).
• Monitor new product/service implementations for regulatory, security and resilience compliance.
• Track closure of audit & assurance findings; report status.
• Design, document and implement DR plans for OS, DB, networks, servers, applications; map dependencies across on-prem and cloud.
• Lead the Operational Resilience Testing Framework (severe-but-plausible scenarios, Security recovery, manual fallback, facility outages, cloud region failover).
• Conducts ad hoc security or vulnerability checks on systems in line with Technology Services policies and procedures and potential threats.
• Define and refine impact tolerances for critical services; track and report exceedances.
• Develop plans to meet agreed goals and objectives (OKRs/KPIs).
• Review and recommend optimum structure; maintain clear RACI (SOC/GRC/Resilience coverage).
• Ensure staffing, skills, succession and training plans.
• Ensures that the section team operates in line with the departmental policies and guidelines and that requisite human resource policies, procedures and systems are followed accurately.
• Run weekly team meetings; agree targets, tasks and actions.
• Carries out ongoing evaluation of staff, identifies performance strengths and deficiencies, and arranges for necessary action (for example further on the job training).
• Approve leave and requisitions per policy and staffing plan.
• Implement third-party risk framework (tiering, due diligence, monitoring, exit).
• Ensure contractual security & resilience clauses (breach notification, audit rights, data location, failover, RTO/RPO).
• Perform resilience assurance for critical suppliers (DR/BCP tests, backup guarantees, interdependency risk, incident timelines).
• Maintain KRI/KPI dashboards (control coverage, incidents, MTTD/MTTR, patch SLAs, policy currency, service availability, failover time).
• Run annual maturity assessment (e.g. NIST CSF Profile/FFIEC CAT/CRI) and track improvement plan.
• Drive problem management/RCAs for repeat incidents and disruptions; embed lessons learned.
• Ensure compliance with applicable laws, standards and supervisory expectations; maintain evidence for inspections.
• Coordinate internal/external audits and examinations; track and close findings.
• Prepare and deliver executive/board-level security & resilience reports and regulatory notifications as required.

Requirements

• Bachelor’s Degree in Information Security, Computer Science or Information Technology, Information Systems.
• 5 years’ experience in a similar or related environment, with a minimum of 2 or more years in a Management position.
• Experience in the Banking sector (payments, core banking, SWIFT/PCI scopes) will be an added advantage.
• Hands-on familiarity with SIEM/SOAR, EDR/XDR, IAM/PAM, DLP, WAF, CSPM/CWPP, GRC tooling and DR/BCP practices.
• The successful candidate should possess professional certifications demonstrating expertise in digital and cloud security, risk management, governance, and operational resilience.
• Required or strongly preferred certifications include:
• 1. Information Security & Risk Management: CISM, CRISC, or CISSP.
• 2. Management Systems & Resilience: ISO/IEC 27001 (ISMS) and/or ISO/IEC 22301 (BCMS).
• 3. IT Governance & Service Management: ISO/IEC 38500, ITIL v4, or COBIT 2019.
• 4. Cloud & Digital Security: CCSP or Microsoft security certifications (e.g., SC-series).
• Equivalent senior professional certifications demonstrating relevant leadership and regulatory experience will be considered.
• Strong analytical capability with the ability to see the big picture.
• Excellent verbal, written, influencing, and presentation skills.
• Effective people and team management, with the ability to simplify complex concepts.
• Strong stakeholder engagement skills across a matrix environment.
• Solid project and process management capability.
• Solution-oriented, resilient problem solver with sound risk evaluation and decision-making skills.
• Cybersecurity principles, frameworks, and best practices (e.g. NIST, ISO 27001, CIS).
• Information security governance, risk management, and compliance.
• Digital risk assessment, threat modelling, and vulnerability management.
• Incident response, cyber crisis management, and business continuity planning.
• IT infrastructure, networks, cloud platforms, and application security.
• Data protection, privacy regulations, and regulatory compliance requirements.
• Security monitoring tools, SIEM, and threat intelligence solutions.
• Disaster recovery planning and operational resilience frameworks.
• Secure systems architecture and access control mechanisms.
• Emerging cyber threats, attack vectors, and defensive technologies.
• Third-party and vendor risk management.
• Technology controls within financial services or regulated environments.

How to Apply