Assistant Manager Information Security

Summary of Role

Responsible for supporting the Information Security Office (ISO) in the implementation and oversight of the Bank’s Governance, Risk, and Compliance (GRC) activities, while assisting in security monitoring and operational tasks related to cybersecurity. The role ensures ongoing alignment with regulatory frameworks, international standards (e.g., ISO 27001, PCI DSS), and the Bank’s internal security policies and procedures.

Key Objectives

Governance, Risk, and Compliance (GRC)

• Monitor implementation of the Information Security Framework in accordance with ISO 27001 and other relevant standards.

• Ensure regular risk assessment is carried out against all third party, outsourced, cloud services and controls are properly applied.

• Assist in preparing, monitoring and submitting MIS reports and key risk indicators (KRIs) related to Information Security.

• Coordinate with internal stakeholders to ensure all change requests are reviewed in accordance with Information Security guidelines.

• Maintain and update records of information security-related policies, procedures, and documentation.

• Ensure completion of all security health checks of ISO tools.

Operational Support

• Oversee access control lists and ensure proper user permissions are in place.

• Ensure Business Continuity (BCM) tools and Information Security solutions are functional at the Disaster Recovery (DR) site.

• Review contracts, annual maintenance agreements, and renewal schedules for security tools and systems.

• Support the audit process by coordinating responses and action plans for Information Security-related findings.

• Participate in security incident investigations and assist in root cause analysis and response documentation.

Awareness & Training

• Organize Information Security awareness programs across the Bank.

• Provide training materials and knowledge-sharing sessions for staff to build security awareness.

• Ensure Training and awareness related to Information security is planned, developed, and delivered to users.

Compliance Monitoring

• Ensure timely submission of deliverables for audit and regulatory compliance.

• Support periodic internal reviews and contribute to the improvement of SOPs.

• Track implementation status of remediation plans for identified vulnerabilities and audit observations.

Other Responsibilities

• Perform additional duties as assigned by the Head of Information Security or Risk Management.

• Maintain version control for Information Security documentation and ensure alignment with approved procedures.

Candidate Specifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.

• Minimum 5 years of relevant experience in Information Security implementation, Governance, or Operations.