Chief Information Security Officer (CISO) I&M Bank

A Chief Information Security Officer (CISO) is a senior executive responsible for an organization’s information and cyber security strategy, governance, and risk management.

Key Responsibilities.

Risk Governance and Strategy

Job subscription

• Overseeing and implementing the institution’s cybersecurity program and enforcing cyber and technology policy.
• Ensuring that information systems meet institutional needs and ICT strategies align with business strategies and risk appetite.
• Review and assess risks associated with exceptions/deviations to cyber and technology policies and gain senior management approval.
• Review periodically the approved exceptions/deviations to ensure residual risks remain acceptable.

Risk Identification, Assessment, and Mitigation

• Ensure regular and comprehensive cyber risk assessments are conducted at least once a year.
• Ensure monitoring processes detect cyber and technology events and incidents in a timely manner.
• Incorporate scenario analysis for material cyber-attacks, mitigation, and identifying control gaps.
• Safeguarding the confidentiality, integrity, and availability of information.

Fraud Risk Management

• Effectiveness of fraud detection and prevention programs (e.g., reduced fraud incidents and losses).
• Responsiveness and effectiveness in addressing fraud… risk events.

Business Continuity Planning (BCP) and Crisis Management)

• Ensure timely update of the incident response mechanism and BCP based on latest cyber threat intelligence.
• Ensure frequent data backups of critical IT systems to separate storage locations.
• Ensure cyber risk roles and responsibilities in emergency/crisis decision-making are defined and communicated.
• Continuously test disaster recovery and BCP arrangements to ensure regulatory compliance and operational continuity.

Leadership and Culture

• Design cybersecurity controls considering all levels of users (internal and external).
• Organize professional cyber-related trainings to improve staff technical proficiency.

Reporting and Communication

• Report to the CEO at least quarterly on:
  • Confidentiality, integrity, and availability of systems,
  • Exceptions to cyber policies,
  • Effectiveness of the cybersecurity program,
  • Material cyber and tech events affecting the institution.

Technology and Innovation

• Maintain a current enterprise-wide knowledge base of users, devices, applications, software, and network details.

Educational Requirements.

Bachelor’s Degree (Required):

• Computer Science, Cybersecurity, Information Technology, or related field.

Master’s Degree (Preferred):

• MBA, M.S. in Cybersecurity, or Information Security.

Preferred Certifications.

• CISSP, CISM, CISA, CRISC, CEH.

Additional Knowledge Areas:

• Risk management, regulatory compliance (e.g., GDPR, HIPAA), security frameworks (NIST, ISO 27001), and business continuity.

Leadership Skills

• Strong leadership and team management capabilities.
• Ability to influence and collaborate with Board members, Senior Management, and Cross-functional teams.
• Excellent communication and presentation skills to convey complex risk concepts to diverse audiences.

Strategic and Analytical Thinking

• Strong problem-solving and decision-making skills under uncertainty.
• Ability to anticipate emerging risks and proactively design mitigation strategies.
• Exceptional analytical skills to evaluate and prioritize risks based on potential impact.

Behavioral Competencies

• High ethical standards and integrity.
• Resilience under pressure and ability to navigate crises effectively.
  • Adaptability to changing regulatory landscapes and evolving risk environments.