Division Manager Cybersecurity

African Development Bank

THE BANK:

Established in 1964, the African Development Bank (AfDB) is the premier pan-African development institution, promoting economic growth and social progress across the continent. There are 81 member states, including 54 in Africa (Regional Member Countries).  The Bank's development agenda is delivering the financial and technical support for transformative projects that will significantly reduce poverty through inclusive and sustainable economic growth. In order to sharply focus the objectives of the Ten-Year Strategy (2024-2033) and ensure greater developmental impact, five major areas, all of which will accelerate our delivery for Africa, have been identified for scaling up, namely, energy, agro-business, industrialization, integration and improving the quality of life for the people of Africa.

THE COMPLEX:

The Vice-Presidency, Technology and Corporate Services (TCVP) is responsible for the design, development and delivery of efficient, people-centered, client-oriented, corporate services and information-technology solutions to ensure overall institutional effectiveness in all aspects of the Bank's corporate services. The Complex provides leadership in the formulation and implementation of Bank's strategies, policies, controls and approaches on organizational information technology systems, software applications, cyber security, IT support and infrastructure systems. The Complex is also responsible for management of the Bank's real estate assets, institutional procurement, language services and business continuity

THE HIRING DEPARTMENT/DIVISION:

The Corporate Information Technology Services (TCIS) Department's mission at the Bank is to align the digital strategy and delivery model with the Bank's business strategy to increase organizational effectiveness by efficiently using emerging technologies and digital transformation. Under the leadership of its Senior Director, TCIS is mandated by the Bank to deliver the best IT services for the Bank's operations to accomplish its mission of spurring sustainable economic development and social progress in its regional member countries, contributing to poverty reduction.

The Cybersecurity Division (TCIS.6) is responsible for safeguarding the Bank's digital infrastructure, systems, and data through proactive security measures, risk management, and advanced threat mitigation. The Division ensures continuous monitoring, detection, and response to cybersecurity incidents while enforcing robust security policies and frameworks TCIS.6 leads security architecture design, vulnerability management, and compliance enforcement, ensuring that all IT assets and services adhere to industry best practices and regulatory requirements. The Division also plays a critical role in cyber-resilience and disaster recovery planning, ensuring uninterrupted business operations in the face of emerging threats. Through strategic vendor partnerships and cutting-edge security technologies, TCIS.6 continuously strengthens the Bank's cybersecurity posture, ensuring a secure, resilient, and compliant digital environment.

THE POSITION:

The Division Manager, Cybersecurity, will lead the division in safeguarding the Bank's digital infrastructure, systems, and data by proactively managing risks and implementing advanced threat mitigation strategies. She/He ensures that effective security policies, processes, technologies, and practices are in place to manage risk, protect assets, and respond to evolving cyber threats. This role involves overseeing continuous monitoring, detection, and response to cybersecurity incidents while enforcing robust security policies and frameworks. Additionally, she/he will be instrumental in shaping cyber-resilience and disaster recovery plans to guarantee uninterrupted business operations amid emerging threats.

The Division Manager Cybersecurity provides strategic direction and operational oversight to the Cybersecurity Operations Centre (CSOC) and Cybersecurity Incident Response Team (CSIRT), ensuring 24/7 monitoring, rapid incident response, and proactive threat intelligence capabilities. In collaboration with technology and business stakeholders, the Division Manager also oversees Security Engineering & Architecture, ensuring the development and continuous improvement of security strategies, architectures, and frameworks that embed security-by-design principles across AfDB's IT landscape. She/He leads Security Administration & Operations, ensuring the effective management of all security technologies, services, and processes, including identity and access management, policy enforcement, and compliance monitoring. Finally, the Division Manager Cybersecurity spearheads the Threat & Vulnerability Management function, implementing a risk-based vulnerability management program that ensures all digital assets are regularly scanned, monitored, and secured. 

As a key advisor to senior management, the Division Manager Cybersecurity plays a pivotal role in shaping the Bank's cybersecurity strategy, fostering a culture of continuous improvement, and ensuring the Bank maintains a secure, resilient, and compliant digital environment. Through close partnerships with internal teams, external vendors, and industry experts, the Division Manager ensures the Bank remains at the forefront of cybersecurity innovation and best practices.

KEY FUNCTIONS:

Under the leadership of the Senior Director, TCIS, the Division Manager Cybersecurity's duties include the following:

Cybersecurity Operations & Incident Response

- Oversee the Cybersecurity Operations Centre (CSOC) and Cybersecurity Incident Response Team (CSIRT), ensuring 24/7 monitoring, detection, and response to cyber threats.
- Develop, document, and operationalize the Bank's Incident Response Plan, ensuring clear escalation pathways and well-defined roles and responsibilities.
- Define and enhance incident handling procedures for all levels in CSOC/CSIRT, ensuring clarity in roles and response protocols.
- Establish a purple teaming program to simulate real-world attacks and continuously test and refine incident response capabilities.
- Develop and automate incident response playbooks to enhance detection, investigation, and rapid containment of cyber incidents.
- Integrate external threat intelligence feeds into the Bank's security tools to enable proactive detection and response.
- Develop and operationalize a Threat Modelling & Threat Hunting Strategy, proactively identifying high-priority cyber threats
- Develop a SOC Target Operating Model, defining key detection and response capabilities required to defend against emerging cyber threats
Security Engineering, Architecture & Technology Strategy

- Develop and maintain the Security Engineering & Architecture Strategy and roadmap, ensuring alignment with the Bank's IT strategy and industry best practices.
- Ensure that the Bank's security architecture supports a Zero Trust and Cybersecurity Mesh approach, enhancing security across cloud, network, application, and endpoint environments.
- Drive the integration of security-by-design principles into IT projects, working closely with Enterprise Architecture, DevOps, and Application Development teams.
- Oversee the evaluation, consolidation, and optimization of security tools (including Microsoft Defender Suite, CrowdStrike, Mimecast, and others) to enhance security capabilities while driving cost efficiency.
- Establish metrics to assess the effectiveness and maturity of security engineering and architecture practices.
Threat & Vulnerability Management

- Develop and maintain the Threat & Vulnerability Management Strategy, aligning with risk management objectives.
- Ensure all Bank assets are continuously monitored for vulnerabilities, leveraging tools like Defender Vulnerability Management and Rapid7.
- Implement a risk-based vulnerability management framework, ensuring prioritized remediation based on asset criticality and threat intelligence.
- Work with IT and business teams to remediate vulnerabilities, retire end-of-life systems, and maintain a Secure Score above 90%.
- Oversee external attack surface management, ensuring proactive identification and closure of public-facing vulnerabilities.
- Partner with security operations teams to validate remediation through continuous Breach & Attack Simulation (BAS) testing.
Security Administration & Operations Management

- Develop and maintain the Security Operations Strategy, ensuring alignment with the Bank's governance framework and IT strategy.
- Ensure effective administration of all security technologies, including firewalls, endpoint security, identity and access management (IAM), and encryption services.
- Define and enforce Service Level Agreements (SLAs) and Operational Level Agreements (OLAs) for all security services, ensuring alignment with business expectations.
- Oversee the management of certificates, licenses, and cryptographic keys, ensuring their integrity and timely renewal.
- Collaborate with IT governance teams to track and remediate audit findings, security gaps, and compliance deviations.
- Manage the transition of security initiatives from project to full operational deployment, ensuring sustainability.
Compliance, Risk & Continuous Improvement

- Lead and drive continuous compliance with the Bank's technical security policies, regulatory requirements, and industry best practices.
- Work with internal audit, risk management, and compliance teams to address cybersecurity audit findings and improve risk posture.
- Continuously enhance security processes, leveraging automation, artificial intelligence, and innovative technologies to improve operational efficiency and effectiveness.
- Develop and track performance metrics (Key Performance Indicators and Key Risk Indicators) to assess the Bank's security posture and drive continuous improvement across the division.
Leadership, Stakeholder Engagement & Advisory

- Provide expert cybersecurity advice and guidance to senior management, IT leadership, and business stakeholders, ensuring security considerations are embedded in strategic decisions.
- Foster a culture of security awareness and accountability across the Bank through regular engagement and communication.
- Establish and maintain strong relationships with external partners, Managed Security Service Providers (MSSPs), and vendors to ensure the Bank benefits from the latest security technologies, threat intelligence, and best practices.
- Promote psychological safety and a collaborative culture within the division, ensuring teams are empowered to escalate concerns and contribute ideas for continuous improvement.

COMPETENCIES (skills, experience and knowledge):

- Master's degree in Information Security, Computer Science, Information Technology, or related fields with at least eight (8) years progressive experience of which at least three (3) years should have been in a cybersecurity leadership roles, including management of security operations, engineering, architecture, and compliance functions.
- Relevant professional certifications, such as CISSP, CISM, CISA, GIAC, or similar, are highly desirable.
- Proven track record of developing and executing cybersecurity strategies in a large, complex organisations or IT environment, ideally in the financial or international development sectors.
- Experience in leading Security Operations Centres (SOC), incident response teams, and vulnerability management programs.
- Strong background in security architecture design, integrating security into DevSecOps practices, and optimizing the security technology stack.
- Proven experience with Information Security and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST Cybersecurity Framework, GDPR, and Cloud Security Alliance (CSA) principles, COBIT and COSO Frameworks.
- Experience in managing vendor relationships and optimizing services provided by MSSPs and technology partners.
- Strong understanding of industry and technology leading practices, emerging technologies, behavioral analytics and AI/ML and how to apply them to drive cyber, digital and business transformation.
- Extensive experience implementing lean process design. Scaled Agile Framework (SAFE) certification is a plus.
- Excellent communications, storytelling and stakeholder management skills, with the ability to convey complex security concepts to non-technical audiences.
- Advanced knowledge and experience in security architecture, cybersecurity, protecting sensitive information, security engineering and operations, security incident response and forensics, and operating a 24x7 information security operations center.
- Hands-on understanding of security technologies across network security, cloud security, endpoint protection, identity management, and threat intelligence.
- Demonstrated success leading and executing information security and IT risk management strategies and implementing enterprise-wide IT security technologies.
- Strategic thinking with the ability to align cybersecurity initiatives to broader organizational objectives.
- Strong leadership and team management skills, with a proven ability to develop talent and foster a collaborative, high-performance culture.
- Proven ability to effectively partner with business stakeholders to build strong partnerships, foster good governance, ensure strategic business/IT alignment, and transform relationships at the senior level.
- Strong collaborator with outstanding interpersonal and diplomatic skills, including the ability to facilitate, negotiate, and influence for successful outcomes. Ability to influence decision makers through collaboration, education, and working partnerships.
- Strong analytical and problem-solving skills, with the ability to balance technical requirements, risk management, and business priorities.
- Experience managing risk using advanced metrics and risk quantification.
- A deep passion for the mission of the AFDB.
- Ability to communicate effectively (written and oral) in English or French, with a working knowledge of the other.

______________________________________________________________________

Important Application Information:
Please submit your application only via the official website of the hiring organization or by using the "Apply" button on CinfoPoste, which will redirect you to the organization's application site. Applications submitted through other job portals will not be forwarded to the respective organization and will not be considered. To ensure your application reaches the right destination, always follow the official application process as indicated in the job posting.

How cinfo Can Support You in the Application Process for This Position

- Application and Interview Preparation: Whether you're preparing your application documents or getting ready for an interview, you can book a Job Application Support session to receive tailored guidance.
- For Swiss nationals invited to the first round of the selection process (e.g., written test, interview, assessment center): Notify us at recruitment@cinfo.ch, and we will inform our HR partners in the respective organization and the Swiss Government to help increase your visibility.
______________________________________________________________________

Secteur: Services sociaux et pour la communauté/Associations à but non lucratif

Poste: Autre

Taux d'occupation: 80-100% / 100%

Type d'emploi: Staff (Permanent and Fixed Term)

---