Information Security officer at Development Bank of Rwanda (BRD): (Deadline 29 May 2023)

1.      Background Information

Job Title: Information Security officer

Current Grade: JG 6

Divisions/ Department: CEO’s Office

Reporting to: Manager – Information Security

2.      Contract Terms – Open Ended

3.      Purpose of the Job

The purpose of an information security officer is to provide protection of the Bank’s information systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction.

He/She will be responsible for implementing and enforcing security strategies, policies, and procedures, conducting risk assessments, monitoring security incidents, and ensuring compliance with relevant laws and regulations.

4.      Main Responsibilities of the Job

• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
• Ensure access to the Bank’s information is limited to appropriate individuals.
• Analyses digital evidence and investigates computer security incidents.
• Enforce SLAs to ensure incidents are closed by relevant parties in timely manners.
• Participate in the change management process.
• Monitoring and ensuring compliance with data protection laws and regulations and other applicable laws and regulations.
• Provide advice and guidance to the Bank and its employees on data protection matters.
• Conduct regular data protection risk and impact assessments and advise on risk mitigation strategies.
• Ensure that data protection policies and procedures are up to date, communicated to relevant employees, and implemented effectively.
• Serve as the point of contact for data subjects and supervise authorities on data protection matters.
• Coordinate with other departments, such as IT and legal, to ensure data protection compliance across the organization.
• Maintain records of data processing activities and data breaches and report to supervisory authorities as required.
• Confirm availability and recoverability of the Bank’s critical data for business continuity
• Ensure vulnerabilities are periodically identified, tested, and reported.
• Follow up on vulnerability re mediations to ensure that all loopholes are closed in timely manners.

5.      Performance indicators

• Information security vulnerability reduction
• Compliance and audit results
• Incident response time
• Policies and procedures adherence
• Professional development, etc

6.      Working relationships

• All departments
• All BRD stakeholders
• Customers

7.      Professional, academic qualifications and experience

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or any related field
• Information security and data privacy related professional certification such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and/or Certified Information Privacy Professional (CIPP).
• Previous experience in a security-related role such as information security analyst, security consultant, network administrator, or system administrator for a minimum period of 2 years preferably in the banking sector will be a plus.

8.      Core competencies

• Familiarity with security technologies, tools, and best practices.
• Understanding of information security principles, standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
• Knowledge of network protocols, system vulnerabilities, and attack vectors.
• Proficiency in risk assessment and management methodologies.
• Familiarity with security technologies such as firewalls, intrusion detection systems, access controls, encryption, and endpoint security.
• Knowledge of applicable laws, regulations, and compliance requirements.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders across the Bank.