Senior IT-Cyber Security Risk Management Officer (Risk Management Sub-process, Head Office)
Organization: Cooperative Bank of Oromia
Position Description
Reports to: Senior Manager – IT Cyber Security Risk and Business Continuity Management
Work Place: Finfinne, Head Office
1. Position Summary
The primary purpose of the job is to conduct IT cybersecurity risk analysis and enhance proactive cybersecurity risk management by identifying gaps and developing appropriate cybersecurity policies and procedures.
The job holder is responsible for identifying significant changes in the overall quality of information security, including the adequacy of and compliance with internal policies and procedures. In addition, the job holder will perform Risk and Control Self-Assessments for IT and cybersecurity, including analysis of inherent risks, control environment effectiveness, residual risks, risk appetite metrics, top and emerging risks, and ensuring timely updates and changes in accordance with established guidelines and timelines.
2. Key Responsibilities
Design information security protection and management framework, guidelines, and best practices for the Bank, involving enterprise-wide security architecture review and development aligned with ISO 27001, NIST, and banking regulatory requirements.
Oversee vulnerability assessments, penetration tests, and forensic IT investigations, ensuring findings are remediated and improve the Bank’s overall security posture.
Develop and implement IT security risk framework awareness programs across the Bank to strengthen cybersecurity culture and risk awareness.
Establish, implement, and monitor security policies, standards, and procedures in collaboration with cross-functional teams in line with IT risk and control frameworks.
Ensure timely execution and compliance of security control functions in accordance with internal policies and regulatory requirements.
Track, monitor, and validate security and risk issues, ensuring appropriate remediation actions are implemented to prevent recurrence.
Provide regular updates and advisory reports to management on cybersecurity risks, incidents, and emerging threats.
Maintain and update the risk register to reflect newly identified risks and changes to existing risk profiles.
Perform IT and cybersecurity Risk and Control Self-Assessments (RCSA), including evaluation of inherent risk, control effectiveness, residual risk, and risk appetite metrics.
Collaborate with Infrastructure, Application, and Internal Audit teams to ensure effective risk governance and control assurance.
Ensure integration of cybersecurity requirements into system development and IT operations in line with secure development lifecycle (SDLC) principles.
Liaise with regulatory and oversight bodies to ensure compliance with applicable cybersecurity and banking regulations.
Develop and deliver cybersecurity risk training and awareness programs to enhance staff competency and organizational resilience.
Lead and support Business Continuity Management (BCM) and Disaster Recovery (DR) activities, including Business Impact Analysis (BIA), continuity planning, and DR testing.
Ensure alignment between cybersecurity risk management and BCM frameworks to support organizational resilience against disruptions.
Perform any other duties as assigned by the supervisor.
3. Qualification, Required Work Experience, Certifications and Competencies
3.1 Qualification Requirements
Master’s or Bachelor’s degree in Information Communication Technology, Computer Engineering, Computer Science, Information Systems, Electrical and Computer Engineering, Management Information Systems, or related fields.
3.2 Required Work Experience
At least six (6) years of professional experience, preferably in the banking or financial services sector, with a minimum of three (3) years of relevant banking experience in any of the following areas: risk management, loan review, credit management, strategy, research, finance, treasury, compliance or branch operations.
3.3 Professional Certifications
At least one of the following certifications is required:
CRISC (Certified in Risk and Information Systems Control)
CISM (Certified Information Security Manager)
CISSP (Certified Information Systems Security Professional)
CISA (Certified Information Systems Auditor)
CGEIT (Certified in the Governance of Enterprise IT)
ISO 27001 Lead Implementer
ISO 27001 Lead Auditor
ISO 22301 Lead Implementer or equivalent certifications.
3.4 Required Competencies
Capability to identify cybersecurity trends and emerging threats, and to segment risk areas effectively;
Ability to design and monitor cybersecurity KPIs;
Establishes strong relationships with internal and external stakeholders by demonstrating integrity, reliability, and consistently delivering on commitments;
Demonstrates proficiency in navigating GRC and security management platforms, efficiently accessing and utilizing various modules, features, and functionalities to manage risk assessments, compliance tracking, and incident reporting;
Demonstrates business continuity planning (BCP) capability to lead Business Impact Analysis (BIA), continuity planning, and DR testing;
Exhibits IT and cybersecurity risk management skills to track, monitor, and validate security issues and remediation actions;
Actively solicits feedback from audited units and stakeholders, actively listens to their suggestions, and takes appropriate action to improve risk management quality;
Expresses empathy and understanding towards business units by acknowledging their operational challenges and responding with balanced risk mitigation support;
Demonstrates a strong understanding of the banking industry, including market trends, regulatory changes (NBE directives), and competitive landscape, to provide informed risk advice and solutions to the Bank;
Skill to convey insights and recommendations clearly to management and other stakeholders through high-quality reporting and presentation;
Manage external vendors, service providers, or consultants when needed for penetration testing, audits, or advisory services;
Generates innovative and out-of-the-box ideas to solve cybersecurity challenges, considering alternative approaches and evaluating the potential impact of different solutions;
Analyzes business unit needs and risk profiles to provide tailored recommendations on security controls and risk treatment options that align with the Bank’s risk appetite.
How To Apply
Interested applicants should submit their educational credentials and relevant work experience through the link below. Documents should be in PDF format, and each file shall not exceed 1 MB.
Remuneration: As per the bank’s salary and benefits structure
Closing date: 5 working days from the date of the announcement.
Female applicants are strongly encouraged to apply.
Only shortlisted applicants will be contacted.
Application deadline: April 21, 2026.
🔗 Registration link: https://career55.sapsf.eu/sfcareer/jobreqcareer?jobId=4738&company=cooperat05
Job Requirements: The role requires a Master's Degree or Bachelor's Degree in Information Communication Technology, Computer Engineering, Computer Science, Information Systems, Electrical and Computer Engineering, Management Information System and related fields.
How to Apply: Apply using the registration link provided above.
Deadline: Apr 21, 2026, 12:00 AM
Location: Addis Ababa
Amount: 1
