The Chief Information Security Officer (CISO) is responsible for leading the Bank’s information security and cybersecurity strategy to ensure the protection of systems, networks, applications, and sensitive data against internal and external threats. Reporting to the Chief Risk Officer, the CISO plays a strategic role in establishing and maintaining a robust information security governance framework aligned with regulatory, operational, and business objectives.
Key Responsibilities:
- Develop, implement, and maintain the Bank’s enterprise-wide information security and cybersecurity strategy, governance framework, policies, standards, and procedures in alignment with business objectives and regulatory requirements.
- Lead the identification, assessment, monitoring, and mitigation of information security and cybersecurity risks across the organization while ensuring effective risk management practices and compliance with applicable laws, regulations, and industry standards.
- Oversee security operations including threat monitoring, vulnerability management, incident detection, response, investigation, reporting, and remediation to ensure the protection of the Bank’s systems, networks, applications, and data assets.
- Collaborate with IT and business teams to ensure security-by-design principles are integrated into technology solutions, infrastructure, applications, and projects, including secure configuration management and implementation of appropriate security controls.
- Manage and coordinate cybersecurity audits, penetration testing, vulnerability assessments, security reviews, and compliance exercises while ensuring timely remediation of identified gaps and weaknesses.
- Monitor and evaluate security technologies, tools, and emerging cybersecurity threats, and recommend enhancements to strengthen the Bank’s cybersecurity posture and resilience.
- Provide strategic advice and regular reporting to senior management on cybersecurity risks, incidents, compliance status, and security initiatives.
- Promote cybersecurity awareness across the organization through training, communication, and awareness programs to foster a strong security culture and employee accountability.
- Build and maintain effective relationships with regulators, auditors, external stakeholders, and professional bodies to ensure alignment with industry developments and regulatory expectations.
- Lead, mentor, and develop the information security team by promoting continuous learning, performance excellence, collaboration, and employee engagement.
Prerequisites:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or related discipline.
- Postgraduate qualification or professional certification in Information Security or Risk Management is an advantage.
- Minimum 5–10 years of experience in the Banking or Financial Services industry, including at least 3–5 years in Information Security, IT Risk, or Cybersecurity leadership roles.
- Proven experience in developing and implementing information security policies, frameworks, and security programs.
- Strong understanding of cybersecurity regulations, data protection requirements, and industry standards.
- Experience managing security incidents, vulnerability management, and cybersecurity operations.
- Familiarity with security technologies such as firewalls, IDS/IPS, SIEM, endpoint protection, VPNs, and encryption tools.
Skills:
- Strong knowledge of information security governance, cybersecurity risk management, security operations, incident response, vulnerability management, and regulatory compliance within the banking and financial services sector.
- Good understanding of cybersecurity frameworks, standards, and best practices including ISO 27001, NIST, PCI DSS, SWIFT CSP, data protection regulations, and related regulatory requirements.
- Proficiency in security technologies and tools such as firewalls, IDS/IPS, SIEM solutions, endpoint protection, VPNs, encryption technologies, and security monitoring systems.
- Strong analytical, problem-solving, and decision-making skills with the ability to assess complex risks and recommend practical security solutions.
- Excellent leadership, people management, coaching, and team development capabilities with the ability to build high-performing teams and promote a strong security culture.
- Excellent communication, presentation, stakeholder management, and interpersonal skills with the ability to engage effectively with senior management, regulators, auditors, and cross-functional teams.
- Strong planning, organizational, project management, and time management skills with the ability to work effectively in a fast-paced and highly regulated environment.
- High level of professionalism, integrity, confidentiality, and attention to detail with the ability to manage sensitive information appropriately.