JOB SUMMARY/PUPORSE

The Information and Cyber Security Officer is responsible for leading the information security function within the organization. This role involves overseeing the development, implementation, and management of the organization's cybersecurity strategy, policies, and procedures. The Information& Cyber Security Officer will ensure that all information systems are protected against cybersecurity threats and that the organization complies with relevant regulations and industry standards. The role reports administratively to the Chief Executive Officer (CEO) and functionally to the IT Board Committee.

MAIN RESPONSIBILITIES

Christ-centered character, and passion to serve underserved communities of Rwanda.

1. Cybersecurity Strategy

• Design and implement a robust cybersecurity strategy that aligns with organizational goals and regulatory requirements.
• Ensure the effective execution of the cybersecurity program across the organization.

2. Program Oversight and Enforcement

• Oversee the implementation of the cybersecurity program, ensuring compliance with regulatory standards.
• Recommend actions to address program shortfalls and enforce the organization’s cybersecurity policies.

3. Threat Modeling and Management

• Establish and maintain threat modeling capabilities to identify, assess, and mitigate potential cybersecurity risks.
• Develop and maintain threat profiles for identified threats to the organization.

4. Penetration Testing and Internal Assessments

• Conduct comprehensive penetration tests to identify vulnerabilities in the organization's systems.
• Perform regular internal security assessments and audits to ensure compliance with security standards and policies.

5. Incident Detection and Monitoring

• Detect cybersecurity incidents and monitor regularly for abnormal or unauthorized access to the organization's information systems.
• Implement preventive and detective infrastructure to protect against unauthorized access and other malicious acts.

6. Incident Response and Recovery

• Incident Mitigation and Recovery: Respond to detected cybersecurity incidents to mitigate negative effects, recover from cyber-attacks, and promptly restore normal operations and services
• Incident Management and Coordination: Develop and maintain an incident response plan, and coordinate with relevant stakeholders to effectively contain, investigate, and remediate security incidents.

7. Security Policies and Procedures Implementation

• Implement preventive and detective infrastructure, policies, and procedures to protect the organization’s information systems and financial data from unauthorized access or malicious acts.
• Create and maintain comprehensive security policies, standards, and guidelines that align with industry best practices and regulatory requirements.

8. Risk Identification and Assessment

• Identify and assess internal and external cybersecurity risks that may threaten the security or integrity of non-public data on the organization’s information systems.
• Conduct regular risk and vulnerability assessments to identify weaknesses and recommend remediation measures.

9. Security Awareness and Training

• Develop and deliver training programs to educate employees on information security best practices, policies, and procedures.
• Foster a culture of security awareness and compliance within the organization.

10. Third-Party Relationship Management

• Evaluate the security posture of third-party vendors and service providers.
• Ensure that appropriate security controls are in place and that contracts include relevant security clauses.

11. Industry Trends and Compliance

• Continuously monitor industry trends, emerging technologies, and new threats to ensure the organization’s security controls remain effective.
• Maintain knowledge of relevant laws, regulations, and compliance requirements.

12. Reporting and Communication

• Provide regular reports to the CEO and the IT Board Committee on the status of information security initiatives, risks, incidents, and compliance.
• Effectively communicate cybersecurity risks and strategies to non-technical stakeholders.

REQUIREMENTS OF THE ROLE

• Bachelor’s degree in computer science, Information Technology, or a related field.
• Professional certifications in information security, such as CEH, CISSP, CISM, or CISA, are highly desirable.
• 2- 3 years of full-time work experience in Information Security or related field preferably in banking or financial services, Telecom or any related field.
• Good knowledge of information security management or related functions (such as IT audit or IT Risk Management) will be an added advantage.
• A good understanding of technical IT roles such as IT architecture, development, or operations, with a clear and abiding interest in information security and system controls.
• Ability to work independently, meet deadlines and motivate others to do the same.
• Strong understanding of information security principles, standards, and best practices.
• Familiarity with regulatory requirements related to cybersecurity, data protection, privacy, and financial services.
• Knowledge of network and systems administration, including firewalls, intrusion detection systems, and vulnerability scanning tools.
• Experience in developing and implementing security policies, procedures, and standards.
• Ability to conduct risk assessments, vulnerability assessments, and security audits.
• Excellent communication and interpersonal skills to effectively train and educate staff members on security best practices.
• Strong problem-solving and analytical skills to identify and address security issues.
• Knowledge of financial sector and understanding of Christian organizational values is a plus.

• Design and implement a robust cybersecurity strategy that aligns with organizational goals and regulatory requirements.
• Ensure the effective execution of the cybersecurity program across the organization.
• Oversee the implementation of the cybersecurity program, ensuring compliance with regulatory standards.
• Recommend actions to address program shortfalls and enforce the organization’s cybersecurity policies.
• Establish and maintain threat modeling capabilities to identify, assess, and mitigate potential cybersecurity risks.
• Develop and maintain threat profiles for identified threats to the organization.
• Conduct comprehensive penetration tests to identify vulnerabilities in the organization's systems.
• Perform regular internal security assessments and audits to ensure compliance with security standards and policies.
• Detect cybersecurity incidents and monitor regularly for abnormal or unauthorized access to the organization's information systems.
• Implement preventive and detective infrastructure to protect against unauthorized access and other malicious acts.
• Respond to detected cybersecurity incidents to mitigate negative effects, recover from cyber-attacks, and promptly restore normal operations and services.
• Develop and maintain an incident response plan, and coordinate with relevant stakeholders to effectively contain, investigate, and remediate security incidents.
• Implement preventive and detective infrastructure, policies, and procedures to protect the organization’s information systems and financial data from unauthorized access or malicious acts.
• Create and maintain comprehensive security policies, standards, and guidelines that align with industry best practices and regulatory requirements.
• Identify and assess internal and external cybersecurity risks that may threaten the security or integrity of non-public data on the organization’s information systems.
• Conduct regular risk and vulnerability assessments to identify weaknesses and recommend remediation measures.
• Develop and deliver training programs to educate employees on information security best practices, policies, and procedures.
• Foster a culture of security awareness and compliance within the organization.
• Evaluate the security posture of third-party vendors and service providers.
• Ensure that appropriate security controls are in place and that contracts include relevant security clauses.
• Continuously monitor industry trends, emerging technologies, and new threats to ensure the organization’s security controls remain effective.
• Maintain knowledge of relevant laws, regulations, and compliance requirements.
• Provide regular reports to the CEO and the IT Board Committee on the status of information security initiatives, risks, incidents, and compliance.
• Effectively communicate cybersecurity risks and strategies to non-technical stakeholders.

• Strong understanding of information security principles, standards, and best practices.
• Familiarity with regulatory requirements related to cybersecurity, data protection, privacy, and financial services.
• Knowledge of network and systems administration, including firewalls, intrusion detection systems, and vulnerability scanning tools.
• Experience in developing and implementing security policies, procedures, and standards.
• Ability to conduct risk assessments, vulnerability assessments, and security audits.
• Excellent communication and interpersonal skills to effectively train and educate staff members on security best practices.
• Strong problem-solving and analytical skills to identify and address security issues.
• Knowledge of financial sector and understanding of Christian organizational values is a plus.

• Bachelor’s degree in computer science, Information Technology, or a related field.
• Professional certifications in information security, such as CEH, CISSP, CISM, or CISA, are highly desirable.
• Good knowledge of information security management or related functions (such as IT audit or IT Risk Management) will be an added advantage.
• A good understanding of technical IT roles such as IT architecture, development, or operations, with a clear and abiding interest in information security and system controls.
• Ability to work independently, meet deadlines and motivate others to do the same.