TITRE DU POSTE

: IT Security Officer

DEPARTEMENT

: Information Technology

LIEU D’AFFECTATION

: Kinshasa

TYPE DE CONTRAT

: CDI assorti d’une période d’essai de 3 mois

Job function*

Information Technology

Job family*

Technology Risk & IT Security Management

Job reports to*

Manager IT Security, Governance, Risk and Compliance

Career type*

Functional/Specialist

Job purpose description*

To provide IT security services to the IT Department/Bank and in so doing ensure that all IT security policies and controls are in place for adequate logical and physical access as per Group guidelines. To review all user access requests in conjunction with Production/Application Teams prior to the granting thereof. To follow-up on all audit issues and provide guidance, supervision and assistance in BCM and DR operations/exercises.

Job criticality

Strategically Critical

Output group 1*

Oversee IT security management for the Bank from a technological perspective

Outputs and measures*

• Working within group standards, ensure that all IT security policies and controls are in place for both logical and physical access.
• Monitor full adherence to Group security practices/protocols/standards/guidelines as well as industry practices and best practices.
• Check that all local country IT security requirements are updated/incorporated into and aligned to Group IT security guidelines
• Check all Patch deployment is up to date
• Check that Bank’s IT equipment is properly maintained by overseeing the loading of patches, firmware upgrades etc. Ensure that intrusion prevention and detection systems are in place.
• Report and track security breaches and ensure that any known and substantive security gaps are dealt with swiftly.
• Analyze critical vulnerabilities and come up with plans/actions to address security issues in the short and long run as needed. Plan relevant penetration testing and other security initiatives throughout the year.
• Engage and engagement and collaborate consistently with IT team, CIO and Group/Regional Security Officers to identify/mitigate risk and constantly increase on country’s security posture.
• Review Security policy as directed by CIO.
• Supervise the technical testing of new systems, applications and/or infrastructure from a security perspective. Make recommendations to the CIO on the security readiness as part of the go/no-go decision process
• Review all user access requests in conjunction with Production/Application teams.
• On a periodic basis, extract and review existing users access control lists from all systems
• Perform IT Risk assessments for existing/new Hardware and software
• Checkl Antivirus versions are up to date and that antivirus management and distribution servers are fully functional
• Escalate any security failures or breaches immediately. Log the incident reports, participate in the investigations and work on the remedial actions to prevent recurrence.
• Drive awareness campaign to sensitize staff on all security aspects relating to technology.
• Participate in business discussions around all topics relating to IT security. 

Output group 2*

User access management

Outputs and measures*

• Review all user access requests in conjunction with Production/Application teams.
• On a periodic basis, extract and review existing users access control lists from all systems
• Liaise with respective colleagues/departments for appropriate periodic review of all user access rights and manage any remediation thereof.

Output group 3*

Manage Disaster Recovery Planning

Outputs and measures*

• Manage the IT Disaster Recovery Plan and update as necessary
• Coordinate DR/BCM testing at least twice a year in conjunction with other units within IT / Bank
• Regularly and proactively engage with other BCM manager/co-ordinators/alternates to ensure the IT services at DR site are adequate to enable the business to function in case of disaster.

Output group 4

Manage the resolution of audit findings

Outputs and measures

• Track, review and manage the resolution of Audit findings in conjunction with CIO.

Output group 5

Key Performance measures

Outputs and measures

• Monitor number of outstanding Audit issues
• Update DRP/BCM to be completed twice a year
• Testing of DRP/BCM to be done at least twice a year
• Monitor number of IT security breaches
• Comply with Group IT security guidelines

Formal minimum qualification 1*

Type of qualification: First Degree
Field of study: IT and Computer Sciences

Other qualifications, certifications or professional memberships

ITIL Foundation Certification

Experience required*

Job Function: Information Technology
Job Family: IT Security
Years: 3-4 Years
Experience Description: Experience in IT Security / Auditing in a multi-system environment.

Experience preferred 1

Job Function: Information Technology
Job Family: Business Partnering
Years: 1-2 Years
Experience Description: Experience engaging directly with a client-facing team on their technology requirements would be advantageous.

Behavioural competency 1*

Competency Label: Exploring Possibilities
Competency Description: Exploring possibilities is about individuals being effective at displaying behaviours associated with different situations or problems. Individuals are required to look at a problem and define it in an abstract manner. “Unpacking” a problem in terms of its underlying principles and basing the problem on sound theory typically allows for deeper insight into the true nature of the problem. This makes the nature of the problem more complete, more meaningful and therefore longer term sustainable solutions more likely.  

Behavioural competency 2*

Competency Label: Providing Insights
Competency Description: This dimension is about providing insight with regards to aspects that are likely to have an impact on the organisation. It is about making it clear to others what the implications of internal and external organisational environmental factors and processes are on the competitive position of the organisation. “Providing Insights” should be done with a focus on improving the situation.

Behavioural competency 3

Competency Label: Adopting Practical Approaches
Competency Description: Adopting practical solutions with an emphasis on learning by doing. This competency requires individuals to utilise common sense when required. Ultimately, this competency is important in order to ensure that organisations implement feasible solutions.

Behavioural competency 4

Competency Label: Examining Information
Competency Description: This competency serves to aid effective problem solving and requires being effective at probing and analysing situations efficiently and accurately. This competency is important because without sufficient analysis, effective solutions become less probable. In addition, poor analysis makes it more likely that individuals become confused and anxious, bored, error prone or overwhelmed by detail, which also impacts negatively on successful problem solving.

Behavioural competency 5

Competency Label: Interpreting Data
Competency Description: This competency is about interpreting data accurately with an emphasis on the processing and interpretation of numbers. This competency also includes the utilisation of technology.

Behavioural competency 6

Competency Label: Showing Composure
Competency Description: This is about the extent to which individuals can remain calm under pressure and maintain poise before and during important events. As such, the competency addressed in this document is concerned with the extent to which individuals show behaviours that lead to the effective handling of pressurised situations. 

Behavioural competency 7

Competency Label: Checking Details
Competency Description: This competency is concerned with the careful checking and confirmation of details in a task. Another behaviour associated with the “Checking Details” competency is being accurate. Being accurate requires individuals to have a strong quality orientation as well as to be thorough and detailed in their approach when completing tasks in order to avoid making mistakes.

Behavioural competency 8

Competency Label: Directing People
Competency Description: This competency emphasises the “leading” or “giving direction” part of leadership. The effective display of the “Leading People” competency is highly dependent on the effective display of a number of other competencies. Leading people is about taking control of as well as coordinating people and resources. While there are many different views on what leadership is, in this case, the concern is not focused on what leadership is, but is rather focused on the generic behaviour associated with leading people.

Technical competency 1*

Competency Label: Infrastructure/Platforms
Competency Description: Enterprise computing infrastructure support and maintenance provision.
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required

Technical competency 2*

Competency Label: Business Continuity Management
Competency Description: Refers to the knowledge and experience required to ensure provision of service continuity planning and support.
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required

Technical competency 3

Competency Label: Information Security
Competency Description: The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
Proficiency Level: ADVANCED - Mastered the concept, able to act independently, provides guidance and training to others

Technical competency 4

Competency Label: Knowledge of Banking & Financial Services business
Competency Description: Knowledge of business concepts, entities (definition, ownership, use, semantics and syntax) specific to Banking & Financial Services industry.
Proficiency Level: PROFICIENT - Clear knowledge and application of the concept

Leadership Competency 1

Competency Label: Purposeful Collaboration
Competency Description: Understands and leverages the dependencies across the organisation and the impact of own actions on the rest of the organisation to create organisation alignment for decision-making and delivery of quality outcomes.
Proficiency Level Description: 1 Identifies functions that need to be engaged; Knows which other functions will be affected by own plans. Includes the smallest effective number of people in the decision-making process.

Business accountability: Impact on end result*

Shared - Jointly accountable with peers in our outside immediate department

Description or examples: Hardware/software upgrades, redundancy, IT infrastructure/security are developed in collaboration with group and vendor counterparts.

Internal relationships*

Business area: Business areas that use the PC’s, Servers and Networks in the supported portfolio
Job: Employees and line managers
Nature of relationship: Contribute to their service delivery
Sphere of influence: Limited to their department only
Description or examples: Engaging on hardware or network issues that could affect their ability to work or their clients.

Business area: Group technology teams
Job: Production support colleagues
Nature of relationship: Provide and receive a service
Sphere of influence: Impact the whole functional area
Description or examples: Collaborate on new developments, escalating issues on group connectivity or hardware issues.

External relationships*

Role type of external contact: Security Officers/Manager at Group level
Nature of relationship: Manage the relationship
Description or examples: Regular proactive engagement to ensure that the standard of service provision is as expected and to allow easy access to the right resources for IT security incident resolution.

Accountability for problem solving*

Degree of guidance received to solve problems:
Clearly Defined - Policies, principles, readily available direction
Description or examples: Group policies and standard operating procedures define the way the data centre, hardware, telephony and networks need to be maintained and governed, but the local installations are locally owned and the job holder will have to apply the policies in a local context.

Degree of original thought required to solve problems:

Variable - Differing situations within boundaries of experience

Description or examples: Issues and incidents will vary.

Accountability for planning of activities*

Integration of functions that are similar

Description or examples: The role holder is accountable for oversight of the end to end IT infrastructure support.

Discretion allowed for decision making*

Regulated - Closely defined procedures, manager review of progress and results

Description or examples:  Processes and policies are defined.

Work environment*

Working Conditions 1: Night work may be required
Working Conditions 2: Rest of Africa travel may be required
Physical Requirements: No specific physical requirements