RESPONSIBILITIES
- Oversee IT security risk and vulnerabilities management for the Bank.
- Develop the bank security strategy and roadmap.
- Establish and implement security-related policies and guidelines.
- Own the information security initiatives for the IT Division.
- Design and build the security practice and the organization’s security architecture.
- Provide leadership in project(s) to ensure “security design” principles and approaches are incorporated into IT systems.
- Manage and report on IT/cyber security vulnerabilities and risks, including ensuring that periodic IT security control testing (e.g., vulnerability testing, risk analysis and security assessments) is carried out and that identified gaps are remediated within a defined timeframe.
- Perform PCI-DSS Assessments and fulfill PCI-DSS obligations for current and new projects and systems.
- Conduct IT security awareness through regular publishing of monthly security updates/bulletins and training (e.g., brown bags) to improve IT security knowledge of users and IT staff. Provide advice and consultancy on security risks and controls.
- Manage IT/ Cyber security incidents and liaise with various IT functions, Risk and Compliance, and business users.
- Direct external vendors/investigators in conducting electronic discovery and digital forensic investigations when required.
- Participate and work with other high-level executives to establish disaster recovery (DR) and business continuity plans.
- Develop and monitor a comprehensive cybersecurity program.
- Establish a cybersecurity risk management process.
- Establish a metric and reporting framework.
- Establish and build internal and external relationships.
- Monitor the external threat environment and advise on appropriate actions.
- Develop and implement incident response processes and policies.
REQUIREMENTS
1. Educational Qualifications:
- Bachelor's degree in IT/Computer Science; CISSP/CISA preferred
- Other higher qualifications/ certificates are a bonus
2. Relevant Knowledge/ Expertise:
- Strong technical skills in one or more of the following: network, application and operating system security and hardening, vulnerability assessments and penetration testing, TCP/IP suite, firewalls, Security Information & Event Management (SIEM), Data Loss Protection (DLP), intrusion detection systems, log review, incident management
- Knowledge in Security compliance, in particular PCI-DSS.
- Knowledge of ISO 27001/2 information security standards
- Knowledge of current IT industry trends.
- Knowledge and understanding of relevant legal and regulatory requirements.
- Knowledge of common information security management frameworks.
3. Relevant Experience: