Chief Information Security Officer (CISO)

About the role

The Chief Information Security Officer (CISO) will lead the bank’s information security and cybersecurity strategy, protecting systems, networks, applications and sensitive data from internal and external threats. Reporting to the Chief Risk Officer, the CISO will shape governance, risk management and compliance across the organisation.

Key responsibilities

• Develop, implement and maintain an enterprise‑wide information security and cybersecurity strategy, governance framework, policies, standards and procedures aligned with business and regulatory requirements.
• Identify, assess, monitor and mitigate information security risks, ensuring compliance with laws, regulations and industry standards.
• Oversee security operations including threat monitoring, vulnerability management, incident detection, response, investigation, reporting and remediation.
• Integrate security‑by‑design principles into technology solutions, infrastructure, applications and projects.
• Manage cybersecurity audits, penetration testing, vulnerability assessments, security reviews and compliance exercises, ensuring timely remediation.
• Monitor emerging threats and security technologies, recommending enhancements to strengthen the bank’s security posture.
• Provide strategic advice and regular reporting to senior management on risks, incidents and security initiatives.
• Promote cybersecurity awareness through training and communication programmes.
• Build relationships with regulators, auditors and external stakeholders.
• Lead, mentor and develop the information security team.

Required profile

• Bachelor’s degree in IT, Computer Science, Cybersecurity, Information Systems or a related field.
• Post‑graduate qualification or professional certification in Information Security or Risk Management is an advantage.
• 5–10 years of experience in banking or financial services, including 3–5 years in information security, IT risk or cybersecurity leadership.
• Proven experience developing and implementing security strategies and governance frameworks.

Required skills

• Threat monitoring
• Vulnerability management
• Incident detection and response
• Penetration testing
• Security audits and compliance
• Security governance frameworks
• Regulatory compliance