ICT Risk & Compliance specialist
CRDB Bank PLC is looking for suitable candidates to fill 2 vacant positions of ICT Risk & Compliance Specialist in the Department of Information & Communication Technology (ICT) at Head Office, Dar es Salaam.
- Responsible for managing and maintaining the IT risk assurance program which includes Information security policies, controls, guidance and best practices aimed to reduce operational IT risk.
- This position is responsible for assessing and facilitating IT risk-related activities such as IT audits, regulatory exams, compliance testing, investigations and control attestations.
- Review systems’ security documentation in order to identify potential security weaknesses, recommend improvements to remediate vulnerabilities, implement changes and document security-relevant changes.
- Inform users about security measures needed to address certain security issues and explain potential threats.
Responsibilities for the Role:
- Coordinate regular compliance, risk, maturity and audit reviews executed within the ICT functions, including reporting progress against identified areas of improvement.
- Participate in implementation of technological audit and regulator recommendations to ensure compliance to both bank and regulatory requirements.
- Ensure all relevant ICT documents, such as policies, procedures and processes, are reviewed regularly according to the policies and maintained.
- Ensure compliance with ICT security policies and the alignment of ICT procedures and policies; ensure the adherence of ICT working instructions, systems and software applications to established procedures, policies, standards and best practices.
- Review all of the Bank’s Information Systems, such as workstations and servers, to ensure that they are well protected against virus attacks and are updated with the latest security patches according to the policy.
- Training users and promoting information security awareness to enhance the overall compliance with the Bank’s security standards, procedures, policies, checklists, statutory and regulatory requirements.
- Advise the ICT team of emerging compliance issues, and consult and guide the Bank in the establishment of controls to mitigate risks and ensure all employees are educated on the latest regulations and processes.
- Facilitate and coordinate user access reviews which will be performed quarterly and System reviews which will be performed semi-annually.
- Responding to all governance reports from different committees and Boards such as MARC, ORC and FPC.
- Monitor and review adherence to ISO 27001 and PCI standards.
- Monitoring the compliance of licenses, vendor contracts and vendor SLA.
- Provides guidance, evaluation and advocacy on audit findings and recommendations and ensures appropriate mitigation actions are developed and implemented in a timely manner.
- Undertake risk control self-assessment prior to any independent audit or assessment, report and raise any issue noted for management attention and recording.
- Working closely with the Department of Risk and Compliance, Internal & External auditors to ensure all system related risks and gaps identified are timely addressed.
- Tracking all audit issues raised by internal and external auditors to their closure.
- Collecting and validating all supporting evidence requested in risk assessment and audit reviews.
- Report all KRI (Key Risk Indicator) and RCSA (Risk Control Self-Assessment) to the Risk department on a monthly basis.
- Performing risk assessment on a quarterly basis.
- Updating the ICT Risk register, tracking all gaps identified in risk assessment and acting as ICT Risk champion.
Knowledge, Skills, Qualifications and Experiences Required for the Role:
- Bachelor’s degree in Computer Science, Computer Information Systems, Management Information Systems
- Professional Certification like CISA, CISM, CGEIT will be an added advantage.
- At least 2 years of general ICT Auditing, Risk, compliance and governance experience in banking or similar environment.
- Ability to work well under minimal supervision
- Strong interpersonal, written and oral communication skills.
- Excellent interpersonal and networking skills, internally and externally.
- Broad understanding of governance, assurance and compliance frameworks and their linkage to the banking industry in the Tanzanian environment.
- Technical knowledge of Information & Communication Technologies and Information Security.
- Understanding of, or experience in, Information Security, audit, risk management or internal controls.