RESPONSIBILITIES

• Oversee IT security risk and vulnerabilities management for the Bank.
• Develop the bank security strategy and roadmap.
• Establish and implement security-related policies and guidelines.
• Own the information security initiatives for the IT Division.
• Design and build the security practice and the organization’s security architecture.
• Provide leadership in project(s) to ensure “security design” principles and approaches are incorporated into IT systems.
• Manage and report on IT/cyber security vulnerabilities and risks. Including performing periodic IT security control testing, (e.g., vulnerability testing, risk analysis and security assessments) are carried out and remediate gaps identified within a defined timeframe.
• Perform PCI-DSS Assessments and fulfill PCI-DSS obligations for current and new projects and systems.
• Conduct IT security awareness through regular publishing of monthly security updates/bulletins and training (e.g., brown bags) to improve IT security knowledge of users and IT staff. Provide advice and consultancy on security risks and controls.
• Manage IT/ Cyber security incidents and liaise with various IT functions, Risk and Compliance, and business users.
• Direct external vendors/investigators in conducting electronic discovery and digital forensic investigations when required.
• Participate and work with other high-level executives to establish disaster recovery (DR) and business continuity plans.
• Develop and monitor a comprehensive cybersecurity program.
• Establish a cybersecurity risk management process.
• Establish a metric and reporting framework.
• Establish and build internal and external relationships.
• Monitor the external threat environment and advise on appropriate actions.
• Develop and implement incident response processes and policies.

REQUIREMENTS

1. Educational Qualifications:

• Bachelor in IT/Computer Science & CISSP/CISA (preferred)
• Other higher qualifications/ certificates are a bonus

2. Relevant Knowledge/ Expertise:

• Strong technical skills in one or more of the following: network, application and operating system security and hardening, vulnerability assessments and penetration testing, TCP/IP suite, firewalls, Security
• Information & Event Management (SIEM), Data Loss Protection (DLP), Intrusion detection systems, log review, incident management)
• Knowledge in Security compliance, in particular PCI-DSS.
• Knowledge of ISO 27001/2 information security standards
• Knowledge of current IT industry trends.
• Knowledge and understanding of relevant legal and regulatory requirements.
• Knowledge of common information security management frameworks.

3. Relevant Experience:

• Strong technical skills in one or more of the following: network, application and operating system security and hardening, vulnerability assessments and penetration testing, TCP/IP suite, firewalls, Security Information & Event Management (SIEM), Data Loss Protection (DLP), Intrusion detection systems, log review, incident management)
• Knowledge in Security compliance, in particular PCI-DSS.
• Knowledge of ISO 27001/2 information security standards
• Knowledge of current IT industry trends.
• Knowledge and understanding of relevant legal and regulatory requirements.
• Knowledge of common information security management frameworks.