JOB OFFER No. 011/SB-RDC/KIN/2019

JOB TITLE: IT Security Officer
DEPARTMENT: Information Technology
DUTY STATION: Kinshasa
CONTRACT TYPE: Permanent contract (CDI) with a 3-month probationary period
|
|
ABOUT STANDARD BANK
|
|
Standard Bank RDC is part of Africa’s largest banking group by market capitalisation, headquartered in Johannesburg. Present in 38 countries, 18 of them in Africa, it has operated in the Congo since 1992, following the acquisition of ANZ Grindlays Zaire, which had been in the country since 1973.
Standard Bank RDC offers a varied range of products and services through its various branches across the DRC via a network of intermediaries (correspondent banks). We have developed expertise in providing services tailored to the needs of mining companies, multinationals, the United Nations and other international organisations operating in the Democratic Republic of the Congo. Our teams combine their in-depth knowledge of market conditions and drivers in the DRC with the expertise of the Standard Bank Group operating in emerging markets, in order to develop tailor-made solutions that meet clients’ needs.
|
I. JOB DESCRIPTION
|
Links to structures
|
Job function*
|
Information Technology
|
Job family*
|
Technology Risk & IT Security Management
|
Job reports to*
|
Chief Information Officer (Country)
|
Career type*
|
Functional/Specialist
|
Contribution
|
|
Job purpose description*
|
To provide IT security services to the IT Department/Bank and in so doing ensure that all IT security policies and controls are in place for adequate logical and physical access as per Group guidelines. To review all user access requests in conjunction with Production/Application Teams prior to the granting thereof. To follow-up on all audit issues and provide guidance, supervision and assistance in BCM and DR operations/exercises.
|
Job criticality
|
Strategically Critical
|
Key responsibilities*
|
Output group 1*
|
Oversee IT security management for the Bank from a technological perspective
|
Outputs and measures*
|
- Working within group standards, ensure that all IT security policies and controls are in place for both logical and physical access.
- Monitor full adherence to Group security practices/protocols/standards/guidelines as well as industry practices and best practices.
- Check that all local country IT security requirements are updated/incorporated into and aligned to Group IT security guidelines
- Check that all patch deployment is up to date
- Check that Bank’s IT equipment is properly maintained by overseeing the loading of patches, firmware upgrades etc. Ensure that intrusion prevention and detection systems are in place.
- Report and track security breaches and ensure that any known and substantive security gaps are dealt with swiftly.
- Analyze critical vulnerabilities and come up with plans/actions to address security issues in the short and long run as needed. Plan relevant penetration testing and other security initiatives throughout the year.
- Engage and collaborate consistently with the IT team, CIO and Group/Regional Security Officers to identify/mitigate risk and constantly improve the country’s security posture.
- Review Security policy as directed by CIO.
- Supervise the technical testing of new systems, applications and/or infrastructure from a security perspective. Make recommendations to the CIO on the security readiness as part of the go/no-go decision process
- Review all user access requests in conjunction with Production/Application teams.
- On a periodic basis, extract and review existing user access control lists from all systems
- Perform IT Risk assessments for existing/new Hardware and software
- Check that antivirus versions are up to date and that antivirus management and distribution servers are fully functional
- Escalate any security failures or breaches immediately. Log the incident reports, participate in the investigations and work on the remedial actions to prevent recurrence.
- Drive awareness campaign to sensitize staff on all security aspects relating to technology.
- Participate in business discussions around all topics relating to IT security.
|
Output group 2*
|
User access management
|
Outputs and measures*
|
- Review all user access requests in conjunction with Production/Application teams.
- On a periodic basis, extract and review existing user access control lists from all systems
- Liaise with respective colleagues/departments for appropriate periodic review of all user access rights and manage any remediation thereof.
|
Output group 3*
|
Manage Disaster Recovery Planning
|
Outputs and measures*
|
- Manage the IT Disaster Recovery Plan and update as necessary
- Coordinate DR/BCM testing at least twice a year in conjunction with other units within IT / Bank
- Regularly and proactively engage with other BCM managers/co-ordinators/alternates to ensure the IT services at the DR site are adequate to enable the business to function in case of disaster.
|
Output group 4
|
Manage the resolution of audit findings
|
|
Outputs and measures
|
- Track, review and manage the resolution of Audit findings in conjunction with CIO.
|
|
Output group 5
|
Key Performance measures
|
Outputs and measures
|
- Monitor number of outstanding Audit issues
- Update DRP/BCM to be completed twice a year
- Testing of DRP/BCM to be done at least twice a year
- Monitor number of IT security breaches
- Comply with Group IT security guidelines
|
|
|
|
|
II. REQUIREMENTS
|
Qualifications
|
|
Formal minimum qualification 1*
|
Type of qualification: First Degree
Field of study: IT and Computer Sciences
|
Other qualifications, certifications or professional memberships
|
ITIL Foundation Certification
|
Experience
|
|
Experience required*
|
Job Function: Information Technology
Job Family: IT Security
Years: 3-4 Years
Experience Description: Experience in IT Security / Auditing in a multi-system environment.
|
Experience preferred 1
|
Job Function: Information Technology
Job Family: Business Partnering
Years: 1-2 Years
Experience Description: Experience engaging directly with a client-facing team on their technology requirements would be advantageous.
|
|
|
Behavioural Competencies
|
|
|
Behavioural competency 1*
|
Competency Label: Exploring Possibilities
Competency Description: Exploring possibilities is about individuals being effective at displaying behaviours associated with different situations or problems. Individuals are required to look at a problem and define it in an abstract manner. “Unpacking” a problem in terms of its underlying principles and basing the problem on sound theory typically allows for deeper insight into the true nature of the problem. This makes the nature of the problem more complete, more meaningful and therefore longer term sustainable solutions more likely.
|
Behavioural competency 2*
|
Competency Label: Providing Insights
Competency Description: This dimension is about providing insight with regards to aspects that are likely to have an impact on the organisation. It is about making it clear to others what the implications of internal and external organisational environmental factors and processes are on the competitive position of the organisation. “Providing Insights” should be done with a focus on improving the situation.
|
Behavioural competency 3
|
Competency Label: Adopting Practical Approaches
Competency Description: Adopting practical solutions with an emphasis on learning by doing. This competency requires individuals to utilise common sense when required. Ultimately, this competency is important in order to ensure that organisations implement feasible solutions.
|
Behavioural competency 4
|
Competency Label: Examining Information
Competency Description: This competency serves to aid effective problem solving and requires being effective at probing and analysing situations efficiently and accurately. This competency is important because without sufficient analysis, effective solutions become less probable. In addition, poor analysis makes it more likely that individuals become confused and anxious, bored, error prone or overwhelmed by detail, which also impacts negatively on successful problem solving.
|
Behavioural competency 5
|
Competency Label: Interpreting Data
Competency Description: This competency is about interpreting data accurately with an emphasis on the processing and interpretation of numbers. This competency also includes the utilisation of technology.
|
Behavioural competency 6
|
Competency Label: Showing Composure
Competency Description: This is about the extent to which individuals can remain calm under pressure and maintain poise before and during important events. As such, the competency addressed in this document is concerned with the extent to which individuals show behaviours that lead to the effective handling of pressurised situations.
|
Behavioural competency 7
|
Competency Label: Checking Details
Competency Description: This competency is concerned with the careful checking and confirmation of details in a task. Another behaviour associated with the “Checking Details” competency is being accurate. Being accurate requires individuals to have a strong quality orientation as well as to be thorough and detailed in their approach when completing tasks in order to avoid making mistakes.
|
Behavioural competency 8
|
Competency Label: Directing People
Competency Description: This competency emphasises the “leading” or “giving direction” part of leadership. The effective display of the “Leading People” competency is highly dependent on the effective display of a number of other competencies. Leading people is about taking control of as well as coordinating people and resources. While there are many different views on what leadership is, in this case, the concern is not focused on what leadership is, but is rather focused on the generic behaviour associated with leading people.
|
|
|
Technical Competencies
|
Technical competency 1*
|
Competency Label: Infrastructure/Platforms
Competency Description: Enterprise computing infrastructure support and maintenance provision.
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required
|
Technical competency 2*
|
Competency Label: Business Continuity Management
Competency Description: Refers to the knowledge and experience required to ensure provision of service continuity planning and support.
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required
|
Technical competency 3
|
Competency Label: Information Security
Competency Description: The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
Proficiency Level: ADVANCED - Mastered the concept, able to act independently, provides guidance and training to others
|
Technical competency 4
|
Competency Label: Knowledge of Banking & Financial Services business
Competency Description: Knowledge of business concepts, entities (definition, ownership, use, semantics and syntax) specific to Banking & Financial Services industry.
Proficiency Level: PROFICIENT - Clear knowledge and application of the concept
|
Leadership Competencies (for jobs in Levels of Work 3 to 7)
|
Leadership Competency 1
|
Competency Label: Purposeful Collaboration
Competency Description: Understands and leverages the dependencies across the organisation and the impact of own actions on the rest of the organisation to create organisation alignment for decision-making and delivery of quality outcomes.
Proficiency Level Description: 1 Identifies functions that need to be engaged; Knows which other functions will be affected by own plans. Includes the smallest effective number of people in the decision-making process.
|
Additional Job Dimensions
|
Business accountability: Impact on end result*
|
Shared - Jointly accountable with peers in or outside immediate department
Description or examples: Hardware/software upgrades, redundancy, IT infrastructure/security are developed in collaboration with group and vendor counterparts.
|
Internal relationships*
|
Business area: Business areas that use the PCs, Servers and Networks in the supported portfolio
Job: Employees and line managers
Nature of relationship: Contribute to their service delivery
Sphere of influence: Limited to their department only
Description or examples: Engaging on hardware or network issues that could affect their ability to work or their clients.

Business area: Group technology teams
Job: Production support colleagues
Nature of relationship: Provide and receive a service
Sphere of influence: Impact the whole functional area
Description or examples: Collaborate on new developments, escalating issues on group connectivity or hardware issues.
|
External relationships*
|
Role type of external contact: Security Officers/Manager at Group level
Nature of relationship: Manage the relationship
Description or examples: Regular proactive engagement to ensure that the standard of service provision is as expected and to allow easy access to the right resources for IT security incident resolution.
|
Accountability for problem solving*
|
Degree of guidance received to solve problems: Clearly Defined - Policies, principles, readily available direction
Description or examples: Group policies and standard operating procedures define the way the data centre, hardware, telephony and networks need to be maintained and governed, but the local installations are locally owned and the job holder will have to apply the policies in a local context.
Degree of original thought required to solve problems: Variable - Differing situations within boundaries of experience
Description or examples: Issues and incidents will vary.
|
Accountability for planning of activities*
|
Integration of functions that are similar
Description or examples: The role holder is accountable for oversight of the end to end IT infrastructure support.
|
Discretion allowed for decision making*
|
Regulated - Closely defined procedures, manager review of progress and results
Description or examples: Processes and policies are defined.
|
Work environment*
|
Working Conditions 1: Night work may be required
Working Conditions 2: Rest of Africa travel may be required
Physical Requirements: No specific physical requirements
|
III. HOW TO APPLY?
|
Interested persons are requested to send their applications by e-mail to info@standardbank.cd, quoting the job title in the subject line of their e-mail. Applications shall comprise only a cover letter and a detailed, up-to-date curriculum vitae giving the telephone numbers and e-mail addresses of at least three referees.
Only candidates of Congolese nationality who meet the above criteria will be considered for the rest of the process.
The closing date for receipt of applications is Friday 27 September 2019 at 17:00.
The Human Resources Department
|