Job Purpose
Provide cyber and application security services to the Information Technology department by ensuring adequacy and effectiveness of cyber security controls; protecting the bank against various cyber-attacks; ensuring application level security controls are in place and are effective; performing various risk assessments at application level including application vulnerability scans and facilitation of penetration tests.
Key Responsibilities/Accountabilities
Compliance and Control- Ensuring compliance of logical access management standards and best practice bank wide.
- Creating and maintaining a deep dive control remediation process and register.
- Reviewing, implementing and maintaining line of business specific controls for business units.
- Ensuring that production environment is hardened and compliant to bank standards.
Testing
- Conducting digital footprint scanning and ensuring remediation.
- Conducting penetration testing and risk assessments for applications.
- Ensuring remediation of findings from audit, penetration, gap analysis and risk assessment reports.
- Maintaining and ensuring testing of cyber security incident response plans.
- Ensuring that endpoint detection and response tools are deployed bank wide and functional.
- Ensuring, maintaining and reviewing logging for all bank critical systems.
Awareness
- Developing cyber security awareness by providing orientation, educational programs, and on-going communication.
- Conducting external dependency management for third parties.
Preferred Qualification and Experience
- A Bachelor’s Degree in Computer Science, Information Technology or related fields
- Certification/Active Membership of a professional organisation will be an added advantage.
- Security or IT controls related qualifications.
- Technically competent with broad knowledge of systems management/development/implementation methods and user support at the second level
- At least four years’ experience in any of the following areas: IT security, Infrastructure, Technical, support, Systems Administration, Applications support, Electronic Banking/Channels Support, Programming, Database Administration, Systems Analysis
- At least three years supervisory experience
- Banking/financial industry experience would be an added advantage
Knowledge/Technical Skills/Expertise
- Regularly review risks and security policy, standards and ensure compliance thereof
- Identify areas that may be prone to cyber risks and resolve accordingly
- Track and manage remediation of findings from audit, penetration, gap analysis and risk assessment reports
- Update/review of cyber security incident response plan in conjunction with IT Security manager
