Officer, Information Security and Cybersecurity

Reports to: Head, Information Security and Cyber Security
Department: Information Security & Cybersecurity
Job Grade: Banking Officer  or below, depending on structure
Job Objective:
To support the implementation and operationalization of the Bank’s cybersecurity and information security framework. Acts as the relief/back-up officer to the HOD in times of absence and assists in maintaining the Bank’s compliance posture, incident readiness, and security culture.


Key Duties & Responsibilities
 • Assist in implementing the Bank’s Cyber and Information Security framework and policies.
 • Coordinate and monitor ongoing cybersecurity risk assessments with business units.
 • Conduct vulnerability assessments, support VAPT exercises, and track remediation efforts.
 • Monitor day-to-day cybersecurity threats, incidents, and provide first-level analysis and reporting.
 • Support the HOD in preparing reports to the Board, BRCC, and BRMC.
 • Maintain and update the institution’s security documentation and procedures.
 • Monitor and report on the effectiveness of implemented cyber controls and indicators.
 • Manage security awareness campaigns and coordinate staff training efforts.
 • Actively monitor threat intelligence platforms for new cyber threat developments.
 • Coordinate cyber readiness exercises, including department-level simulations.
 • Maintain operational aspects of compliance certifications (e.g., ISO 27001, PCI DSS).
 • Assist in third-party and vendor cybersecurity assessments.
 • Track regulatory changes and assist in internal compliance alignment.
 • Maintain updated logs and records of incidents, risks, and remediation.
 • Maintain the Bank’s data protection register and support data privacy efforts.
 • Support the onboarding and offboarding of users in key information systems.
 • Serve as secretary and administrator to the Cyber-Incident Response Team.

Key Performance Indicators (KPIs)
 • Timeliness and accuracy of incident detection and escalation.
 • Completion of periodic vulnerability scans and prompt remediation tracking.
 • Compliance with internal policies and external cybersecurity regulations.
 • Timely and quality input into board and management cyber reports.
 • Execution and documentation of quarterly cyber readiness exercises.
 • Awareness program delivery and training participation metrics.
 • Reduction in recurring security incidents and audit findings.


Qualifications & Experience
 • Bachelor’s degree in Computer Science, Information Security, or a related discipline.
 • Minimum of 2 years of relevant experience in information or cyber security.
 • Certifications such as CompTIA Security+, CISM, CISSP, ISO 27001 Lead Implementer (added advantage).

Key Competencies
 • Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001).
 • Good knowledge of financial sector regulations and Bank of Ghana directives.
 • Basic to intermediate experience with incident response, risk assessments, and monitoring tools.
 • Strong analytical and documentation skills.
 • High sense of responsibility, confidentiality, and integrity.
 • Ability to work independently and as a team member in a high-stakes environment.