Job vacancy: Senior Manager within Cyber Security and ICT Risk
Job code: CSI/002/19
About Cyber Security and ICT Risk:
The Cyber Security and ICT risk function provide specialist services and support to Authorisation and supervision teams at the Authority across all financial sectors as part of the overall supervisory framework. It is responsible for the assessment of fit and proper cyber security posture, ICT strategic alignment to Business strategy, ICT governance, and general ICT risk profile, exposures and controls of Licenced Holders and applicants seeking Authorisation based on established regulatory frameworks, technical standards and guidelines.
The function, therefore, provides the necessary technical risk assessments and guidance as part of the Authority’s holistic risk-based supervision model. It also supports the development of policy and supervisory work related to cyber security and ICT risk. Furthermore, the function provides technical support and coordination in terms of cyber security forensics, supervisory investigations or enforcement actions as required.
- Reporting to the Head (Cyber security and ICT risk), the team will leverage your expertise in the area of ICT governance, ICT strategic development, and general ICT risk profile management, for ongoing supervisory reviews and assessments based on established regulatory frameworks, technical standards and guidelines;
- You will carry out on-site and off-site reviews and conduct meetings with in-house and external auditors of Licence Holders as necessary, as well as managing analysts reporting to you and supervising their work;
- You will also review and follow-up on issues identified through external auditors’ management letters to Licence Holders or applicants under consideration for Authorisation;
- Your role may also involve active participation in investigations or enforcement actions in close collaboration with other supervisory teams;
- You will also actively support the ongoing development of policy and guidelines across all supervisory sectors and collaborate with other stakeholders on cross-sectorial security awareness and education campaigns.
Other Important Information:
- We are looking for candidates with a bachelor’s degree in computer information systems or information technology at MQF level 6 or higher, as well as five years’ work experience in IT risk management or audit. You will have professional certification such as CISA or CRISC;
- You will have professional experience in the use of IT audit frameworks such as COBIT and ISO, while ideally having had direct prior experience in IT operations, management of Information Systems and/or software development. The ideal candidate would also have a good grasp of IaaS, SaaS and PaaS Cloud Service Models.
Candidates are to forward a copy of their Curriculum Vitae (C.V.) and an accompanying covering letter providing the motivation for the application.
The MFSA is an Equal Opportunities Employer as certified by the NCPE (National Commission for the Protection of Equality) and is committed to a policy of equal opportunity in all aspects of employment and will take care to avoid any form of discrimination in its recruitment procedures. The MFSA reserves the right to withdraw this call at any time and not to select any of the Candidates.
It is the responsibility of applicants in possession of qualifications awarded by Universities and other similar institutions outside Malta to produce a recognition statement on the comparability of qualifications issued by the Malta Qualifications Recognition Information Centre (MQRIC). Applicants should do so preferably at the application stage or otherwise at the preliminary interview should an applicant be selected for such an interview. Details can be obtained by accessing the National Commission for Further and Higher Education website under MQRIC heading.
The MFSA shall ensure that any processing of personal data is in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation), the Data Protection Act (Chapter 586 of the Laws of Malta) and any other relevant European Union and national law. For further details, you may refer to the Data Protection Policy on the MFSA webpage.
Candidates are to note that the submission of any false statement/s or omission, even if unintended, may lead to the cancellation of their application and may render the candidate's appointment liable to termination.
Furthermore, please note that candidates may be asked to submit any documentation in support of the information provided, including but not limited to, proof of qualifications and Police Conduct Certificates.
Malta Financial Services Authority:
The Malta Financial Services Authority (MFSA) is the single regulator for financial services in Malta. It was established by law on 23 July 2002 taking over supervisory functions previously carried out by the Central Bank of Malta, the Malta Stock Exchange and the Malta Financial Services Centre. The Authority is a fully autonomous public institution and reports to Parliament on an annual basis.