BRAC Bank is one of the most sustainable banks in Bangladesh. Established with a view to financial inclusion, BRAC Bank is the pioneer of SME Banking in Bangladesh, delivering a full array of banking services to individuals and business entities. Its strong financials, along with the best credit rating from the top global and local rating agencies and numerous recognitions, speak of the bank's aspiration towards becoming the best bank in the country.

BRAC Bank is currently looking for an ambitious, intelligent, goal-oriented, enthusiastic individual for the following position in its Risk Management Division:

Senior Manager/ Manager, GRC and Data Security

Employment Type: Full Time

KEY RESPONSIBILITIES:

The purpose of this role is to ensure governance, risk management and compliance of ICT/ information security initiatives, and data security within the bank through:

  • Contribute to the information security vision and programming to include policy creation, training, and risk assessment to ensure information assets and technologies are adequately protected;
  • Implement security controls, risk assessment framework, and programs that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances BRAC Bank’s business objectives; contribute to data security and privacy; manage data security tools;
  • Evaluate risks and develop security standards, procedures, and controls to manage risks; improve the bank’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities;
  • Implement processes, such as GRC (Governance, Risk, and Compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing;
  • Update security controls and provide support to all the stakeholders on security controls covering internal assessments, regulations, protecting Personally-Identifying Information (PII) data, Payment Card Industry Data Security Standards (PCI DSS), ISO, and Payment partners (Visa, Mastercard, JCB, SWIFT, etc.);
  • Perform and investigate internal and external information security risks and exceptions; assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks;
  • Document and report control failures and gaps to stakeholders; provide remediation guidance and prepare management reports to track remediation activities;
  • Train, guide and act as an internal resource on Information Security functions to other departments; interact in both oral and written communications with all levels of internal stakeholders and work with internal/external auditors and outside consultants as appropriate on required security assessments and audits; manage the security awareness training programs and strategies to address awareness and training for all stakeholders;
  • Knowledge of best practices and technological advancements; perform other duties as assigned to ensure the smooth functioning of the department and reputation of the bank.

KEY QUALIFICATIONS:

  • Graduation from a reputed university in a relevant subject and related fields is required;
  • Certifications in CISM/ CISSP/ CCISO, CISA/ LI27001, CEH/ CPEH, CPT/ LPT, ITIL/ COBIT/ CMMC/ GIAC, and CRISC/ CGEIT preferred;  
  • At least 10 years of experience in an information security environment with 5+ years in a supervisory or management role; governance, risk, and compliance leadership experience is strongly preferred;
  • Knowledge of information security risk management frameworks and compliance practices, including ISO 27005, ISO 22301, ISO 27001/2, GDPR, and NIST 800-30;
  • Ability to understand and translate pre-established policies, standards, and compliance regulations and produce tactical, operational procedures;
  • Ability to understand and apply assessment and audit components to security controls that measure performance, reliability, and compliance; 
  • Knowledge of banking systems is preferred; 
  • Excellent client-facing and internal communication skills;
  • Positive-minded and adaptive to change;
  • Expert in customer centricity and self-propelled.

BRAC Bank is a values-driven organization and believes in protecting all its stakeholders, including the employees and the community we work with, from all forms of harassment, abuse, neglect, exploitation, and discrimination. As an equal opportunity employer, BRAC Bank encourages applications from any gender-diverse individuals and persons with disabilities. We consider personal persuasion as disqualification of candidature.

If you are interested in taking up the challenge, please 'Apply Online'. 

Only short-listed candidates will be contacted for the next stage as per the recruitment process. BRAC Bank reserves the right to accept or reject any application without assigning any reason whatsoever.

BRAC Bank does not charge any fee at any stage of the recruitment process.

Application Deadline: June 25, 2022