Zambia National Commercial Bank Plc (Zanaco) is inviting applications from suitably qualified and experienced individuals for the following job aimed at contributing to the Bank’s strategic vision, in the Risk Division under the Integrated Risk Management Department to be based at Head Office: –
o To preserve the availability, integrity and confidentiality of the Bank’s information systems so that they deliver maximum business value at minimal information security risk.
Under the supervision of the Information Security Risk Head, the following are among the Key Job Responsibilities: –
o Conduct testing of Web and Applications security controls, Network security controls, Database security controls, Operating Systems security controls, Data Privacy controls and Data Loss Prevention controls in line with the Vulnerability Management Program and the Information Security Management Systems (ISMS).
o Engage the IT Security Operations team on all Information Security Risks arising from internal and external penetration assessments as well as vulnerability assessments, and coordinate mitigation of identified risks.
o Investigate cyberattacks and intrusion incidents, conduct forensic investigations and monitor incident responses in line with the Vulnerability Management Program and the Information Security Management Systems (ISMS).
o Design controls to ensure implementation of adequate data privacy controls and policies; data loss prevention controls and policies; and access management controls and policies of all information systems owned by the Bank in line with business needs and AIC classification.
o Engage the IT Security Operations team to ensure data privacy controls, data loss prevention controls and access management controls are operating effectively in line with business needs and AIC classification.
o Benchmark and evaluate current information security technologies against industry practices to enhance information security capabilities of the Bank.
o Develop and implement information security awareness programs targeted at both Zanaco users and external customers.
o Develop and implement policies, procedures and controls for PKI and Digital Signatures in line with business needs.
o Ensure that the Bank attains and maintains the PCI DSS and ISO 27000 certifications.
o Perform analysis of logs to ensure that risks are identified in a timely manner and response plans are implemented.
o Contribute to the Governance Risk and Compliance Committee (GRC).
o Perform any other duties and tasks as may be assigned by management.
o External: ZICTA, BAZ, security vendors and other regulatory bodies
o Internal: All Divisions
Qualifications And Experience
o Grade 12 certificate with a minimum of 5 credits, of which English and Mathematics are mandatory.
o University Degree in Engineering, Electronics, Telecommunications Engineering or Computer Science.
o Certifications: CISM, CRISC, CISA, CEH, CISSP, SCP, CISMP, ISO 270001/2, COBIT 5, PCI DSS or related Information Risk Certification.
o Member of ISACA and/or ICTSZ.
o At least five (5) years’ experience in Information Security, Risk Management or a similar role.
o Must have knowledge of Security Information and Event Management (SIEM).
o Must be conversant with Data Centre security operations.
o Strong knowledge of Information Risk Management and Analytics.
o Strong knowledge of ISO 27000 and PCI DSS standards.
o Good Banking Information Systems knowledge.
o Good knowledge of integration software and electronic funds transfer.
o Banking/Financial services knowledge.
Job Core Competencies
o Highly developed Interpersonal skills, able to engage with external and internal customers
o Good analytical/financial skills
o Planning and organizing
o Optimizing for the accomplishment of tasks
o Drive results
o Effective time management
How to Apply
All applications must have an application/cover letter and detailed curriculum vitae indicating the position being applied for in the subject line and should be sent by email to: