AVP, Cyber Security Engineer, Information Security Services, Group Technology

Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

• Develop and maintain a comprehensive cybersecurity risk governance framework aligned with international standards such as ISO, NIST, and COBIT. This framework should be periodically reviewed and updated to ensure adequacy.
• Conduct regular risk assessments to identify and analyze cybersecurity threats and vulnerabilities across all systems, applications, and business units.
• Develop and implement risk mitigation strategies, including security controls, to address identified risks.
• Monitor and analyze logs relating to potential cybersecurity threats or incidents.
• Oversee the implementation and effectiveness of cybersecurity training programs.
• Provide risk oversight and monitoring through independent reviews and objective assessments. This includes establishing monitoring processes.
• Collaborate with other departments and business units to ensure alignment on cybersecurity risk management practices.
• Stay abreast of emerging cybersecurity threats, vulnerabilities, and regulatory requirements.
• Assist in the interpretation of cybersecurity and technology-related legislation.
• Participate in cybersecurity exercises to ensure the continued relevance and efficacy of the organization’s response capabilities.
• Document and review the components of cybersecurity operations to ensure potential risks are considered.
• Ensure that all areas of cybersecurity are reviewed and covered comprehensively.

• Bachelor's degree in computer science, information security, or a related field. A relevant industry certification (e.g., CISSP, CISM, CRISC) is highly desirable.
• Minimum of 5-7 years of experience in cybersecurity risk management.
• Strong understanding of cybersecurity frameworks, standards, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework, COBIT).
• Proven experience in conducting risk assessments, developing risk mitigation strategies, and implementing security controls.
• Experience with regulatory compliance requirements related to cybersecurity.
• Excellent communication, interpersonal, and presentation skills.

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.