Chief Information Security Officer

Position Summary

The Chief Information Security Officer (CISO) is responsible for establishing and enhancing the bank's information security and technology risk management capabilities, ensuring that client’s information assets are effectively protected against existing cybersecurity threats. This role is crucial for safeguarding the bank’s data, technology infrastructure, and customer information. Given the high regulatory standards and the increasing focus of cyber threats on financial institutions, the expectations for a CISO in this sector are extensive, requiring a blend of strategic leadership and technical expertise. The CISO plays a pivotal role in maintaining trust, protecting the bank’s assets, and ensuring the resilience of its operations amid rising cyber risks. We seek a candidate with the right skill set, expertise, and experience to meet these critical responsibilities.

Skill set and/or Expertise/Experience

• Develop and Implement a Robust Security Strategy
• Ensure Regulatory Compliance
• Risk Management and Mitigation
• Incident Response and Crisis Management
• Cybersecurity Awareness and Training
• Collaborate with Senior Management and Board
• Implement Security Technologies
• Third-Party Risk Management
• Data Privacy and Protection
• Foster a Culture of Security
• Continuous Monitoring and Threat Intelligence
• Budgeting and Resource Allocation
• Security Governance
• Collaboration with Law Enforcement and Industry Peers
• Cloud and Digital Transformation Security

 Key Responsibilities

• Provide leadership, vision, and direction on information security to the information security staff. Prepare and launch for various platforms (e.g. Android, iOS, web etc.)
• Oversee and coordinate all aspects of alignment of the Bank’s information security policies and procedures aligned with Industry’s best practices and regulatory requirements including directing and approving the design of security systems and services.
• Oversee and ensure the delivery of effective information security awareness trainings to bank’s staff.
• Analyze and ensure that information security programs are in compliance with applicable laws, regulations, and policies.
• Manage and maintain key information security functions, including information security risks, security operations and other activities related to ISMD across the bank.
• Alignment of Bank's risk management strategy and build out information security specific elements, collaborating with appropriate management teams and committees to obtain buy-in and build momentum.
• Collaborate with systems/application owners to understand and address the risk position around key business applications and data.
• Develop and obtain management approval for short and long term strategies, roadmaps, and business cases to appropriately mitigate, detect, and deter information security threats and IT Risk.
• Facilitate the development of processes to respond in a timely and proactive manner to significant information security breaches.
• Develop appropriate baseline security controls to enhance security architecture while minimizing risk to an accepted level with the consent of management.
• Ensure that processes are in place and that staff is appropriately skilled to respond to security incidents.
• Lead the effort to maintain an effective and timely program to manage identity and access privileges.

Experience, Skills (Necessary to perform the job completely)

• Masters in Computer Science/Computer Engineering or Equivalent degree
• Must have relevant Industry related Information Security certifications like CISM, CISSP etc.
• Good knowledge of information security best practices/international standards and local banking regulations/ practices
• Minimum 10 -15 years’ experience in Financial Services Sector with preferably 8 years in the Banking sector in the field of Information Security Management.
• Well acquainted with security management tools and techniques for security/risk management

Internal - Most Frequent Contacts  

• All relevant departments/units wherever necessary                            

 External - Most Frequent Contacts

• Technology vendors, SBP Auditors/Inspection Team, Regulatory Authorities, External Auditors