JOB PURPOSE
Provide continuous independent assurance on the bank’s Information Security as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Bank Information Security Policy.
KEY RESPONSIBILITIES
Monitoring
Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
Ensure all systems interfaces are secured from any intrusion and all users’ activities are logged and users’ activities in systems are detailed and traceable.
Analysis
Periodically perform vulnerability assessments & penetration tests on Bank systems and technology, identifying vulnerabilities and recommendations on closure of these vulnerabilities.
Analysis of data from user and network monitoring to ascertain legitimacy of high priority activities noted.
Reporting
Actively review application, server, database, network logs and audit trails and report.
Provide and analyze departmental self-assessment reports on all systems controls to assist in focused controls.
Pro-actively and comprehensively provide guidance on tools required to effectively manage and control bank systems environment.
Be involved in providing forensic data to all reviewers i.e. investigators, analysts etc.
Review
Review all issues logged by users and analyze trends as relates to systems security management.
Initiate, facilitate and promote activities within the bank to create information security awareness to various groups of bank staff and stakeholders.
Be involved and provide security guidance during technology projects, systems deployment, upgrades and changes.
Continuous review of systems at all levels i.e. servers, applications, database, network devices etc., identify risks and make recommendations on closure of the risks.
Implementation
Manage all external parties’ access to bank infrastructure and systems and have detective measures for intrusion.
Ensure that the bank infrastructure network LAN / WAN is secure from any intrusion.
Establish and maintain the Bank’s Business Continuity Plan and Disaster Recovery Plan.
Spearhead a compliance program to achieve legal obligations and business goals by prioritizing initiatives and assessing the evaluation, deployment, and management of current and future technologies.
Establish and implement the Bank’s security documents (policies, standards, baselines, guidelines and procedures).
Enforce patches, version management and virus control.
Pro-actively enforce and plan to ensure all noted risks are mitigated and potential threats addressed immediately.
ACADEMIC BACKGROUND
Bachelor of Science degree in Computer Science, Information Technology/Systems or related field.
WORK EXPERIENCE
A minimum of three (3) years’ experience in IT with at least one (1) year experience in IT Security.
Awareness and exposure in IT security with experience working in financial institutions.
SKILLS & COMPETENCIES
Ability to use specialized tools and softwares to analyse, detect, investigate and report on various vulnerabilities and threats
Knowledge and experience with several relevant IT products i.e. SIEMs, DAMs/WAFs, Antivirus, Firewalls & Patch Management
Keen attention to detail with a time-conscious approach.
Ability to work under pressure in a competitive environment.
PROFESSIONAL CERTIFICATION
Relevant professional certifications.
Apply via :
sidianbank.co.ke