- Develop Enterprise wide Security Programs
- Manage and monitor the application security reviews, vendor/business associate security assessments, SOC team and VA/PT based on best practices.
- Diligent Log Monitoring/review of IT infrastructure changes/activities
- Developing strategies to handle security incidents and trigger investigations
- Develop security polices and procedures that provide adequatebusiness application protection
- Advanced understanding of business process, cyber control risk management, IT control and related standards.
- Managing the user access framework across the bank in line with best practices e.g. RBAC
Roles and Responsibilities :
- Built information security management system (ISMS) overseeing all IT security & compliance initiatives across all business units in local and regional branches from the ground up.
- Develop the enterprise security strategy, manage security projects and oversee the implementation of processes and methods for auditing and addressing non-compliance to information security standards
- Ensure the development and implementation of the Bank’s information security policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives.
- Monitor compliance with the Bank’s information security policies and procedures and referring issues noted to appropriate divisional/ departmental heads.
- Carry out all information security and business impact assessment for different business function includning the change management requests.
- ensuring proper protection for all physical and technical aspects of the organization.
- Act as the organization’s representative when dealing with lawenforcement agencies while pursuing the sources of network attacksand information theft by employees.
- Balance security needs with the organization’s strategic business plan,identify risk factors, and determine solutions to both.
- Oversee the selection testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements.
- Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
- Complying with the latest regulations and compliance requirements
- Championing and educating the organisation about the latest security strategies and technologies
- Manage the log monitoring and SOC team with proper use cases development
- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
- Running information security risk assessments including threats and vulnerability matrix
- Delivering new security technology approaches and implementing next generation solutions
- Devising strategies and solutions to minimize the risk of cyber-attacks
- Managing the infosec budget and communicating this with the appropriate parties
- Compiles management reports, summary analysis, and detailed presentations to describe risk, controls, and security assessments.
- Demonstrate advanced understanding of business process, cyber control risk management, IT control and related standards.
- Structure Security strategy, and ensure that IT security is aligned with agreed business security policy
- Proactively manage the remediation of internal and external vulnerabilities
- Manage the execution of quarterly vulnerability assessments, semi-annual penetration tests and security related audits/assessments
Educational Qualifications :
- Bachelor of Science in Information Technology.
- Professional Certification: CISSP, CCNP, CCSP, CISA, CISM, ITIL, CoBit,PMP,ISO 27001,PCI-DSS
- 10-15 years of related experience of which a minimum of 5-6 years should be in a similar position / responsibility, preferably in a similar Industry.
- Ability to demonstrate thorough understanding of current threats and exploits to include experience with threat detection, analysis, and remediation.
- Excellent understanding of vulnerability and configuration management compliance
- Experience and demonstrated expertise on Risk management to manage periodic Bank’s information risk assessments that identify current and future security vulnerabilities, determine what level of risk is acceptable to management, and identify the best ways to reduce information security risks to this acceptable level and notify management of residual risks.