Senior Management’s Key Responsibilities in Cybersecurity
To strengthen its cybersecurity posture, [Institution] has outlined key responsibilities for its Senior Management team. These responsibilities aim to ensure that cyber and information security risks within the institution are managed effectively.
Creating an Institutional Framework
The Senior Management team is responsible for creating an institutional framework for managing cyber and information security risks, as well as overseeing its implementation and maintenance. This includes:
- Formulating policies on outsourcing, survivability, backup and recovery from cyber incidents and disaster events
- Allocating necessary resources for the institutional cybersecurity framework and policies
Monitoring and Reporting
The team must also:
- Hold biannual meetings to monitor and control the implementation of cybersecurity activities
- Receive quarterly and ad-hoc reports on cyber and information security threats
- Identify significant cyber and information security incidents and analyze their corporate implications
- Determine the types of incidents necessitating immediate notification
- Assign a member to act as Director of Cyber and Information Security (DCIS)
Appointing Key Positions
Senior Management will be responsible for:
- Appointing a Chief Information Security Officer (CISO)
- Determining the CISO’s powers, responsibilities, and authority in the institution
- Promoting inter-institutional collaboration on cybersecurity defense
Internal Audits
The institution has emphasized the importance of internal audits in ensuring effective cybersecurity management. According to the guidelines:
- An internal independent unit will be responsible for auditing cybersecurity
- The Senior Management team must allocate necessary resources for implementing the auditing processes
- All aspects of cybersecurity management will be audited at least once a year or in line with the risk-based audit approach of the institution
Audit Findings and Reports
The audit findings on cyber and information security risks will be reported to the Board and Senior Management, and the Senior Management team will discuss the audit reports.
Chief Information Security Officer (CISO) Responsibilities
The guidelines have outlined key responsibilities for the CISO:
- Advising Senior Management and the Board on cybersecurity management
- Formulating an institutional methodology for managing cyber and information security risks
- Developing and updating specific and general work procedures for realizing the institution’s cybersecurity policy
- Developing a Cybersecurity Policy that outlines the institution’s approach to managing cyber and information security risks, and submitting it to Senior Management and the Board for approval