The Information Security Officer will assist the Chief Information Security Officer (CISO) to monitor and enforce information security policies to protect the bank’s computing infrastructure, networks and data whilst maintaining the confidentiality, integrity and availability of information assets

Key Responsibilities / Accountabilities

• Ensure protection of information assets
• Implement key regulatory and compliance requirements
• Review the security measures of networks, systems and applications to detect vulnerabilities
• Remediate security incidents
• Provide guidance on information security topics, policies and controls
• Participate in development and implementation of appropriate and effective controls to mitigate identified threats and risks
• Perform regular patch and access control management
• Ensure that disaster recovery and business continuity plans are in place and tested regularly
• Ensure the data protection policies are established and implemented
• Ensure secure software development life cycle (SDLC)
• Perform Application Security Testing
• Perform data classification and protection
• Ensure network, systems and database security
• Perform policy and procedure formulation
• Carry out training and awareness and perform process review
• Perform security reporting and documentation
• Disaster recovery, business continuity and incident response planning.

Qualification Required & Experience

• A minimum of a First Degree in Information Technology / Computer Science/ Computer Engineering/Information Security or in a related field and at least 5 years of post-qualification experience in a relevant field in a banking environment
• Membership of a recognised professional body will be an advantage
• ISO 27001: Lead Implementer is preferred

Knowledge and Skills

• Knowledge of IT, process and control and strong understanding of risk and control frameworks such as (COBIT, ISO, NIST, ITIL, PCI-DSS)
• Proficiency with Database (MySql, Oracle, Sql) and Database activity monitoring/firewalls
• In-depth knowledge of systems architecture, engineering and operations of at least one enterprise SIEM platform
• Experience with vulnerability scanning solutions
• Hands-on experience in analysing high volumes of logs and network data in support of incident investigations
• Understanding of mobile technology and OS (ie Android, iOS, Windows), SAN, Virtualization platforms
• Knowledge of multiple operating systems and applicable system administration skills: Windows Server/Active Directory and Linux
• Programming or scripting background (Python, PowerShell, Java, Shell/BASH, C, C++, etc) is highly recommended
• High level of integrity analytical and result-oriented
• Good communication skills (written and oral)
• Experienced with ISO 27001 and PCI DSS requirements including implementation
• Must be a team player and willing to continously develop skills