Monitoring performance and adherence to the requirements of the regulation while providing advice on the data protection impact assessment.
Conducting audits to ensure compliance, accountability and address potential issues proactively.
Monitor security events received from the Bank’s security tools on applicable perimeter devices, systems, databases and servers for potential attacks, suspicious or anomalous activities.
Assist in identifying new solutions to improve the ISO monitoring role in threat identification, detections and response capabilities.
Strengthen the monitoring of system transactions integrity and events by review of the System audit logs and Escalation of noted anomalies.
Analyze and document business process objectives and design to identify required information systems controls.
Incidences Management:
Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities and co-operating with them during inspections by answering any complaints or queries raised with regards to Data Protection.
Handling queries or complaints internally or externally regarding data confidentiality and use.
Escalate and report on incidents, potential gaps or risks as observed during monitoring activities.
Document the security breaches and measure the damage caused.
Reporting:
Reporting to the Supervisor:
Providing updates on the Data Protection compliance programme to the Board and Risk Management Committee
Providing status updates to the Head of Risk and Senior Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirement.
Share a monthly report on privilege access management and bank wide compliance to the user access rights.
Quarterly reporting to the board on the exceptions noted in user access management likely to impact the Confidentiality, Integrity and Availability of information.
Any other duties as deemed necessary by the supervisor.
Academic Background
Bachelor’s degree in Information Technology, Computer science, Cybersecurity, business, or related fields
Strong knowledge of Information Security related frameworks/ Regulations such as, ISO 27001, NIST 800-53, NIST Cyber Security Framework, Cobit, FFIEC CAT, GLBA, SOX, NYDFS 500, etc.
Work Experience
At least 5 years of Banking or Information Technology Experience
Knowledgeable in IT operations
Proficient in IS Security
Knowledge on Data Protection laws & General Data Protection Regulations (GDPR) is an added advantage