Manager - Information Risk (1 Position)
Reporting to the Head - Information Risk Management, the role holder is responsible for supporting the Head of Information Risk Management in overseeing and managing cyber, technology, and information risks (including digital and paper-based records) within the enterprise risk management portfolio; assisting in the identification, assessment, mitigation, and monitoring of information-related risks across the information lifecycle (creation, processing, storage, transmission, and disposal); contributing to the implementation of information risk pillars, such as Technology Enablement and Cyber Control, People Risk and Awareness Culture, Operational Resilience, Third-Party Information Oversight, and Metrics & Board Reporting; and supporting project management review.
KEY ACCOUNTABILITIES:
- Support the execution of the approved information risk management strategy.
- Monitor the effectiveness of controls and recommend updates based on evolving threats and incidents.
- Participate in digital transformation initiatives by identifying risks to emerging technologies and supporting the integration of security controls.
- Conduct risk assessments for information assets (digital and paper-based), identifying threats, vulnerabilities, and evaluating existing controls across the enterprise.
- Assist in quantifying inherent and residual risks and recommending risk treatment plans.
- Support the assessment and review of risks related to changes in information systems, processes, and assets.
- Ensure compliance with security policies during change processes.
- Advise on the implementation of changes in the bank.
- Review and assess information risk aspects of key projects and initiatives across the organization.
- Participate in project steering committees or working groups as required, providing risk insights and recommendations.
- Monitor project risk registers and ensure that information risk controls are embedded in project plans and delivery.
- Track and report on the status of risk mitigation actions within projects, escalating unresolved issues to the Head of Information Risk Management.
- Assist in assessing risks for alignment with the institution’s risk appetite and in preparing recommendations for capital allocation as part of ICAAP.
- Monitor current and emerging risks, and changes in laws, regulations, and standards.
- Prepare risk reports, key risk indicators (KRIs), and compliance maturity updates for review by the Head of Information Risk Management.
- Maintain and update risk registers for cyber, technology, and information risks.
- Support the maintenance of a comprehensive inventory of information assets and conduct business impact analyses.
- Collaborate with the CTDO, CISO, and business technology teams to design and implement controls for safeguarding information assets.
- Support third-party risk assessments and vendor compliance reviews.
- Support the design of enterprise-wide information risk controls.
- Advise on the design and architecture of the bank’s implementations.
- Assist in ensuring compliance with relevant laws, regulations, and standards (e.g., ISO/IEC 27001, PCI DSS, SWIFT).
- Support the preparation of risk-related regulatory reports and compliance monitoring.
- Support the inclusion of information assets in business impact analyses and disaster recovery planning.
- Assist in incident response and post-incident reviews for breaches involving information assets.
- Participate in employee awareness campaigns and training to promote secure behaviour and reduce insider threats.
- Support customer awareness initiatives on information security best practices.
- Coordinate with other risk and assurance functions (e.g., Compliance, Operational Risk, Internal Audit) as required.
- Maintain documentation of all oversight, challenge, and assurance activities performed.
KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:
- Bachelor’s Degree in Information Technology, Cybersecurity, Risk Management, or a related field. A Master’s degree is highly desirable.
- Knowledge of data analysis, data modelling and validation tools.
- Experience in management reporting on Information Risk Management through effective documentation, data analysis, reporting, and communication of risk assessments and mitigation strategies.
- Minimum of 5 years’ experience in information risk management or a related field, preferably in the financial services sector.
- Strong analytical, communication, and interpersonal skills.
- Experience in project management or project risk review is highly desirable.
- Familiarity with the financial regulatory system and risk management frameworks.
- Professional certifications such as CISM, CRISC, CISSP, or ISO 27001 Lead Auditor are an advantage.
- Attention to detail, integrity, and high standards.
- Ability to work independently and as part of a team.
- Strong initiative and willingness to take responsibility.
- Ability to work under pressure and engage with stakeholders at various levels.
INVITATION
If you believe you meet the requirements as noted above, please use the link below to apply:
careers.dfcugroup.com
Once there, click on “Career Opportunities” to get started. (We recommend using Google Chrome for the best experience.)
Deadline: Wednesday 15th October 2025
Only short-listed candidates will be contacted.
Please note that all recruitment terms and conditions as stated in the HR Policies and Procedures Manual shall apply.