Your key responsibilities
- Enterprise IT Governance:Responsible for review of current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy
- Information security: Communicates information security risks and issues to business managers and others. Performs basic risk assessments for small information systems. Contributes to vulnerability assessments. Applies and maintains specific security controls as required by organisational policy and local risk assessments. Investigates suspected attacks. Responds to security breaches in line with security policy and records the incidents and action taken.
- Information content publishing: Understands technical publication concepts, tools and methods and the way in which these are used. Uses agreed procedures to publish content. Obtains and analyses usage data and presents it effectively. Understands, and applies principles of usability and accessibility to published information.
- Business risk management: Investigates and reports on hazards and potential risk events within a specific function or business area.
- Continuity management: Implements and contributes to the development of a continuity management plan. Coordinates the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes. Coordinates the planning, designing, and testing of maintenance procedures and contingency plans.
- Data management: Assists in providing accessibility, retrievability, security and protection of data in an ethical manner.
- Methods and tools: Provide support on the use of existing method and tools. Configures methods and tools within a known context. Creates and updates the documentation of methods and tools
Overall Responsibilities Summary:
- Make sure that all critical activities in application are monitored and logs are reviewed.
- Ensure appropriate controls onboarded and implemented where appropriate.
- Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools.
- Manage Internal and external application audits and Audit issue remediation activities.
- Completion of regular/recurring assessments
- Timely response to audit & regulatory requirements with evidence, were compliant.
- Make sure that infrastructure is compliant and has up-to-date patches.
- Plan for Application Hardware Software License upgrades or migration activities to align to the compliant platforms.
- Keep up-to-date DR Test Plan and manage regular DR Tests
- Manage application capacity forecasting and monitoring.
- Manage any IT Security incidents that may occur in the application.
- Support compliance on all steps of SDLC process and make sure that all SDLC controls are green.
- Application Decommissioning
- Drive incidents reduction against an application
- Planning/Organizing: Able to manage work but also to make the estimate, scheme in detail, work on deployment plans and manage deadlines.
- Manage the technical roadmap of the application (technology roadmap compliance), estimate/budget capacity needed.
- Expertise in Planning and execution of Releases, Changes, Patches.
- Exposure of handling L3 role, incident analysis, patch preparation and implementation.
- Skilled individual to interact with L2 teams for incident and problem management cases.
- The candidate will typically have a rather limited technical hands on involvement. A high-level understanding on the products/technologies below is welcomed:
- Databases;
- Application/web servers (like J2EE based, especially JBoss, Tomcat, WebLogic Server, Apache)
- Management of security certificates.
- Unix servers very basic administration
- Microservices and SOA
- Communication and encryption protocols (mainly HTTP(S), SSL)
- Networking (firewalls, load balancers, etc)
- High Availability Architecture.
- GCP Google Cloud Platform management
Your skills and experience
- Degree-level IT and/or information security qualification, or equivalent experience in
- Information Security and IT Security
- Experience in Software Development Lifecycle (SDLC) - from idea to production to understand our customer journey, these mostly application owners, business ISOs and development teams
- GCP-Cloud foundation knowledge
- General understanding of current security industry standards, best practices, and/or frameworks i.e.: NIST, ENISA, ISO27001, OWASP
- Problem-solving and analytical skills with the ability to oversee complex processes
- Ability to educate a technical and non-technical audience about various security measure
- Excellent communications skills and very service oriented and customer friendly behaviour even in stressful situations
- Self-driven behaviour
- Fluent in English (written/verbal)
Preferable
- Knowledge of information security tools e.g., security scan and testing tools
- Understanding of cloud engineering and native security features to support the migration path for applications onto the cloud environment
- Firm understanding of DevSecOps and the banks shift left agenda to integrate security in the software development lifecycle as earliest as possible.
- ISO or ITAO certification (for internals only)
