Officer, Information Security and Cybersecurity

Reports to: Head, Information Security and Cyber Security
Department: Information Security & Cybersecurity
Job Grade: Banking Officer  or below, depending on structure
Job Objective:
To support the implementation and operationalization of the Bank’s cybersecurity and information security framework. Acts as the relief/back-up officer to the HOD in times of absence and assists in maintaining the Bank’s compliance posture, incident readiness, and security culture.


Key Duties & Responsibilities
• Assist in implementing the Bank’s Cyber and Information Security framework and policies.
• Coordinate and monitor ongoing cybersecurity risk assessments with business units.
• Conduct vulnerability assessments, support VAPT exercises, and track remediation efforts.
• Monitor day-to-day cybersecurity threats, incidents, and provide first-level analysis and reporting.
• Support the HOD in preparing reports to the Board, BRCC, and BRMC.
• Maintain and update the institution’s security documentation and procedures.
• Monitor and report on the effectiveness of implemented cyber controls and indicators.
• Manage security awareness campaigns and coordinate staff training efforts.
• Actively monitor threat intelligence platforms for new cyber threat developments.
• Coordinate cyber readiness exercises, including department-level simulations.
• Maintain operational aspects of compliance certifications (e.g., ISO 27001, PCI DSS).
• Assist in third-party and vendor cybersecurity assessments.
• Track regulatory changes and assist in internal compliance alignment.
• Maintain updated logs and records of incidents, risks, and remediation.
• Maintain the Bank’s data protection register and support data privacy efforts.
• Support the onboarding and offboarding of users in key information systems.
• Serve as secretary and administrator to the Cyber-Incident Response Team.

Key Performance Indicators (KPIs)
• Timeliness and accuracy of incident detection and escalation.
• Completion of periodic vulnerability scans and prompt remediation tracking.
• Compliance with internal policies and external cybersecurity regulations.
• Timely and quality input into board and management cyber reports.
• Execution and documentation of quarterly cyber readiness exercises.
• Awareness program delivery and training participation metrics.
• Reduction in recurring security incidents and audit findings.


Qualifications & Experience
• Bachelor’s degree in Computer Science, Information Security, or a related discipline.
• Minimum of 2 years of relevant experience in information or cyber security.
• Certifications such as CompTIA Security+, CISM, CISSP, ISO 27001 Lead Implementer (added advantage).

Key Competencies
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001).
• Good knowledge of financial sector regulations and Bank of Ghana directives.
• Basic to intermediate experience with incident response, risk assessments, and monitoring tools.
• Strong analytical and documentation skills.
• High sense of responsibility, confidentiality, and integrity.
• Ability to work independently and as a team member in a high-stakes environment.