SENIOR MANAGER – INFORMATION SECURITY & RISK at BRD_ Development Bank of Rwanda  : (Deadline: 15 December 2023 )

SENIOR MANAGER – INFORMATION SECURITY & RISK at BRD_ Development Bank of Rwanda  : (Deadline: 15 December 2023 )

SENIOR MANAGER – INFORMATION SECURITY & RISK at BRD_ Development Bank of Rwanda  : (Deadline: 15 December 2023 )

Vacancy Announcement

The Development Bank of Rwanda is Rwanda’s only National Development Bank mandated to support Rwanda’s development goals. Over the last years, the bank has undergone substantial re-organization aimed at positioning it as an “innovative and sustainable provider of development finance for socio-economic impact”. 

To achieve this vision, the bank’s strategic plan (2018-2024) has outlined 3 key strategic themes.

  • Operational Excellence: Continuous improvement of our credit and risk management system, financial performance and customer services.
  • Strategic Partnerships: Forming strategic partnerships to deliver our mandate is a key component of our core activities.
  • Dynamic Culture: Continuously improving our pool of knowledge to have the most competent and skilled employees.

BRD is committed to respecting gender equality and disability norms. We promote gender responsive practices. Qualified candidates particularly females and persons living with disabilities are encouraged to apply.

To help accomplish this ambitious and exciting vision, the Development Bank of Rwanda (BRD) would like to recruit a suitable qualified candidate to fill the following position:

SENIOR MANAGER- INFORMATION SECURITY & RISK (1) 

Background Information

Job Title: Senior Manager – Information Security & Risk

Job GradeJG 4

Department: CEO’s Office

Department/ Section/Unit: Information Security & Risk

Reports to: Chief Executive Officer

Direct Reports:

  • Information Security Specialist
  • Information Security Officer
  • Information Security Analyst

Indirect Reports: N/A

Contract Terms: Open-ended

Purpose of the Job

The purpose of the job is to be responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. The position is also responsible of advising and establishing the information security strategy and overseeing information security operations in the bank.

This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the bank. The position is also responsible for reporting and investigating information security incidents and advising on remediation actions to avoid their recurrence.

The position is also responsible for advising and recommending needed tools to improve the security posture of the bank and maintain high compliance levels.

The Senior Manager – Information Security & Risk role will also be responsible for developing an information security awareness program for all functions to educate employees, and customers about the risks associated with the misuse of information resources and how to avoid them.

The Senior Manager – Information Security & Risk will also be responsible for engaging and managing internal and external information security stakeholders’ relationships to ensure the bank remains compliant and aware of external requirements.

Main Responsibilities of the Job

  • Develop, implement, and monitor a strategic, comprehensive information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled or processed by the bank.
  • Manage the enterprise’s information security organization, consisting of direct reports and indirect reports (such as individuals in Risk, Audit and IT). This includes hiring, training, staff development, performance management and annual performance reviews.
  • To manage creation, maintenance and implementation of the bank information security awareness training program.
  • Creating, leading, and managing cybersecurity strategies
  • Oversee information security audits, whether performed by internal audit or third-party personnel.
  • Manage security team members and all other information security personnel.
  • Evaluate department budget and costs associated with technological development in cybersecurity.
  • Define and communicate to the management, the key threats to the information assets.
  • Assist in the investigation of security threats or other attacks on the information assets at the bank.
  • Forecast potential threats to the business.
  • Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.
  • Manage the acquisition of additional information security solutions or enhancements to existing information security solutions to improve the overall information security posture.
  • Lead, develop and implement the FinSOC program to ensure compliance with the regulator.
  • Serve as a focal point of contact for the information security team, the customer and across the organization.
  • Manage external stakeholders through regular engagements (BNR, NCSA..etc).
  • Manage, configure, and test physical security, disaster recovery and data backup systems.
  • Communicate information security goals and new programs effectively with other department managers within the organization.

Performance indicators

  • Conduct a continuous gap analysis and vulnerability assessment of the bank in terms of information security to ensure the bank is always aware of its cybersecurity risks.
  • Ensure the preparedness level of the bank is efficient by evaluating how well-prepared we are for any potential cybersecurity threat or attack.
  • Review continuously the number of devices on the organization’s network and whether they are fully patched up, up-to-date, and safe.
  • Timely and effective management of information security incidents by ensuring the mean time to detect, to resolve, to contain, etc. are low.
  • Prevent any intrusion attempts in the bank’s network by continuous monitoring of network devices logs and activities performed within the bank.
  • Ensure our information security rating improve and remains excellent.
  • Ensure system are properly patched on a timely manner.
  • Provide comprehensive cybersecurity awareness training.
  • Safeguard the bank from cybersecurity threats and attacks such as bots’ attacks, viruses, phishing attacks, ransomware and more.
  • Measure and evaluate our cost per incident to minimize loss for the bank.
  • Document and ensure compliance of all information technology policies, procedures, and processes.
  • Develop a logical access matrix for each system used within the bank.
  • Closely monitoring of the user system access of staff or external partners according to the logical access matrix of each node.
  • Monitor data privacy and protection of the bank, its staff, and customers according to the Rwandan’s law especially on the protection of personal data and privacy.

Working relationships

  • Executives and Heads of departments
  • IT & Digital Information
  • System and Database administrators
  • Senior and Middle Managers
  • External stakeholders

Professional, academic qualifications and experience

  • Bachelor’s degree in computer science, Information Technology, or related field. Master’s degree in the related field is preferred.
  • Professional certification in Cybersecurity such as CCNA/CCNP Security, ISO/IEC, or related field
  • A minimum of seven years of IT experience, with five years in an information security role.
  • Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
  • Remarkable experience in information security risk assessment and management.
  • Knowledge and understanding of relevant legal and regulatory requirements.
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • A strong understanding of the business impact of cybersecurity tools, technologies, policies, procedures, and processes.
  • Experience developing and maintaining policies, procedures, standards, and guidelines.
  • A drive to learn and master new technologies and techniques.

Core competencies

  • Visionary leader with sound knowledge of business management and a working knowledge of information security technologies Industry experience is preferred.
  • Understanding of operating system internals and network protocols.
  • Familiarity with Cybersecurity tools and technologies (e.g., SIEM, ESG, EDR, PAM, DAM and other related tools)
  • Knowledge of the principles of cryptography and cryptanalysis.
  • Experience in system technology security testing (vulnerability scanning and penetration testing).
  • Familiarity in application technology security testing (white box, black box and code review).
  • Highly familiar with related information security laws and regulations, including knowledge of Rwandan Data Privacy law.
  • Proven abilities to take initiative and be innovative.
  • Analytical mind with a problem-solving aptitude
  • BSc/BA in Computer Science, Engineering, or relevant field.

Application Guidelines:

Interested candidate should apply online (https://www.brd.rw/careers/ ) and upload application documents including Curriculum Vitae, copies of degree certificates and professional certificates, motivation letter, names of three previous supervisors (as one document) as well as their emails and telephonePlease be informed that you will receive a notification pop up message after successfully uploading your application.

Only online applications shall be considered.

Email only for inquiries (not application): recruitment@brd.rw  

Address all applications to the Head, Human Capital, and Corporate Services of the Development Bank of Rwanda.

Deadline: 15 December 2023 

The employment package is highly competitive/attractive.

Due to expected high volume of applications, ONLY shortlisted applicants will be contacted. 

Done in Kigali, 1st December 2023






Kindly Note

All Jobs and Opportunities Published on mucuruzi.com are completely free to apply. A candidate should never pay any fee during the recruitment Process. Even if mucuruzi.com does its best to avoid any scam job or opportunity offer, a job seeker or an opportunity seeker is 100% responsible of applying at his own risk.
Check well before applying, if you doubt about the eligibility of any offer do not apply and notifie to mucuruzi.com via this email: mucuruzi2016@gmail.com and remember to never pay any fee to have a job or get any opportunity, if you do so, do it at your own risk.









Related posts