Job Posting Status is Expired Please note that the job is not published for job seekers and you will not receive any applicants due to the job status.
Upload
Job Description
JOB PURPOSE
To manage and implement ADCB’s cyber security and incident response strategy by designing and implementing security measures, conducting vulnerability assessment and monitoring and managing the response to cyber security incidents to ensure bank operates within a pre-defined risk appetite to mitigate any foreseeable cyber security threats
ACCOUNTABILITIES
Technical and Cyber Security Advisory: Evaluate technical risk, design, architecture, feasibility analysis, vendor review and security controls of all infrastructure technologies and business systems being implemented in the bank Manage programmes and projects to implement new information security products, tools, and innovations that would augment the controls and improve user experience Research the latest trends in threats, threat actors, industry security news, global security incidents and trends to ensure that the bank is protected against similar scenarios and design, develop and implement technical information security frameworks in line with the required standards
Vulnerability Management: Manage and implement the vulnerability management lifecycle and penetration testing on the banking infrastructure and systems to ensure that all the bank’s technology systems are continuously protected against threats Manage the implementation of information security policies, procedures and technical standards to prevent unauthorised disclosures, unauthorised use, inappropriate modification, premature deletion and unavailability of data and business/infrastructure systems Develop and ensure technology baselines for the secure management of systems across all platforms, including development and maintenance of encryption standards, intrusion detection strategy, and network authentication
Security Operation Centre: Manage an effective internal Security Operations Centre to ensure effective monitoring is carried out by SOC staff for any unauthorised use or leakage of sensitive data from the bank, phishing attacks, social media abuse and other malicious activities that could bring about a reputational damage for the bank or unauthorised access to bank’s critical systems Build capabilities within the SOC for advanced malware analysis, forensics and detection of advanced persistent threats
Monitoring: Design and implement a continuous monitoring strategy for the bank’s information systems according to the threat landscape for evidence of malicious activity or intrusion attempts Run programmes for the implementation of automated tools to bring efficiencies log collection, correlation, analysis tools for effective monitoring of security Provide advisory services to business and infrastructure projects on maintaining adequate audit trails so that sufficient evidences of computerised business activities exists to reconcile accounts Detect frauds, identify unauthorised access attempts and breaks ins and quickly resolve problems to maintain secure and reliable information systems within ADCB
Incident Response: Create and oversee crisis and emergency management practices and provide in-depth technical advice for investigations of information security incidents such as internal frauds and hacker break-ins, ensuring root cause analysis is performed to identify and recommend corrective actions to prevent similar incidents from reoccurring Manage the SIRT (Security Incident Response Team) to conduct full coordinated cross functional response to major security incidents and lead the actions to a full remediation of any potential causes of security breach Provide technical information security consulting assistance for ADCB staff disciplinary measures, civil suits and criminal prosecutions, if and when needed
Big Data Security: Review and recommend security configuration requirements for Big Data infrastructure in order to protect the confidentiality and integrity of customer’s personally identifiable information and to ensure availability of the system Review big data ecosystem/applications and determine where encryption is necessary in order to protect sensitive information. Review big data ecosystem/applications and determine optimum set of role based access controls to ensure access is based on a need to know basis Review Big Data architecture and recommend appropriate controls to ensure the infrastructure is protected against all internal and external threats Conduct periodic vulnerability assessments, internal penetration testing and recommend remedial action to ensure systems are secure, any implemented fixes are working effectively and no new venerability gaps are evident Perform detailed risk assessments of big data ecosystem in order to provide recommendations Recommend baseline security standards for big data infrastructure to ensure optimum security
People Management: Manage self and team in line with ADCB’s people management policies, procedures, processes and practices to ensure adherence and to maximise own and employee contribution to business performance Manage the effective achievement of the team’s objectives through setting individual objectives, managing performance, developing the team and providing formal and informal feedback to maximise overall performance, engagement and motivation
Budget Management: Contribute to the preparation of the business area’s budget and manage and monitor the financial performance against the budget so that areas of unsatisfactory performance are identified, rectified promptly and potential performance improvement opportunities are capitalised upon
Continuous Improvement: Identify opportunities to contribute to organisational and departmental change initiatives, programmes and projects taking into account best practice and standards in the business environment
Customer Service: Demonstrate Our Promise and apply the ADCB Service Standards to deliver the bank’s required levels of service in all internal and external customer interactions
Policies, Processes, Systems and Procedures: Recommend and implement improvements to departmental policies, procedures and processes covering all areas of activity so that all relevant procedural requirements are fulfilled while ensuring that ADCB delivers best-in-class services, products and innovation
Skills
EXPERIENCE, QUALIFICATIONS & COMPETENCIES
Minimum Experience
At least 12 years of experience in a banking industry or similar environment, with 5 years of related managerial experience
Minimum Qualifications
Bachelor’s degree in Computer Science or equivalent
Professional Qualifications
Professional Certifications such as CISSP, CISA, SANS GIAC, CEH (mandatory)
Knowledge and Skills
In-depth knowledge in information security, specifically in risk/vulnerability assessment, data classification and industry standard frameworks such as ISO 27001, PCI-DSS
Thorough knowledge of firewalls, network components, protocols, intrusion prevention systems, antivirus software, web content filtering, database products
Sound understanding of the vulnerabilities in operating systems, databases and major applications and the technical knowledge necessary to mitigate these
Working knowledge experience of banking operations and related problems
Strong awareness of application security requirements and techniques
Extensive experience in enterprise security architecture design, vulnerability management
Knowledge and ability to apply risk management techniques to security policy enforcement and compliance
Problem solving skills