Information Security Senior Analyst
Division: Risk Management Division
Department: Information Security
Job Summary:
To primarily implement security audits within the Bank by following the approved security policies, and ensure the audits findings are closed immediately by following the approved escalation process. To ensure the operational environment remains secure and in line with approved security policies and framework.
Duties & Responsibilites:
– Preparing MIS Trackers, Reports and Dashboards for the management
– Perform Information security risk assessment against industry standard security framework/policies for IT/IS risks
– Maintains security policies including administrative, personnel security, physical safeguards, technical security, and transmission security
– Oversees and assists in performing on-going security monitoring and audits within the Bank’s information systems and network activities
– Evaluate and recommend new information security technologies and counter-measure against threats to information or privacy
– Document, Approve and Progress the Implementation of the Information Security Awareness Program Employees & Customers
– Develop and report on program execution KPIs to the ISWG (IS workgroup) on monthly, quarterly and annual basis
– Liaise with different entities on security events such CBO, CDC. Etc.
– Liaise with different team members to deploy security controls recommended by vendors and Information security team
– Work closely with SOC team and Security assessment team
– Ensure all tasks are carried out according to Bank’s policies, procedures and standards
– Participate in information security related initiatives and projects as assigned or other duties as assigned
Minimum Qualifications & Experience Required:
– Minimum 3 years of related work experience
– Bachelor Degree in Information Security/IT or equivalent
– Preferred Professional Information Security Certification or equivalent
– ITIL v3(Information Technology Information Library)
– ISO/IEC 2013:27001 Lead Implementer
– CEH (Certified Ethical Hacking)