
Job Description

INFORMATION SECURITY SENIOR ANALYST - ( 240000Z9 )

Description



JOB PURPOSE:



To support the Information Security Analysis Team in properly managing bank-wide security risks according to the developed security risk assessment methodology. In addition, to facilitate and ensure the remediation of identified vulnerabilities by planning and ensuring the implementation of security measures that proactively protect the confidentiality, integrity and availability of the organization’s information assets and mitigate identified/potential risks.

KEY ACCOUNTABILITIES



1. Conduct the annual review and update of the area’s processes, procedures and policies in adherence to the developed SLAs.
2. Ensure proper classification of critical business processes and supporting infrastructure from an availability, confidentiality and integrity point of view according to the developed security risk assessment methodology.
3. Review and validate the security risk assessments conducted in line with the bank’s security policies and guidelines.
4. Participate in the security gap and threat assessments post globally/locally identified security incidents/threats conducted by Continuity & Resilience Management and ensure the effective implementation of the action plan with the relevant stakeholders.
5. Support the implementation of the different security projects and initiatives by defining the necessary security requirements in full alignment with the security policies and industry requirements.
6. Support the implementation of the key strategic business initiatives and projects through following the secure software development and acquisition life cycle including specifying the confidentiality, integrity, and availability requirements, addressing security requirements throughout the development/acquisition of new systems and performing proper risk assessment prior to releasing new systems to production.
7. Validate the security requirements to ensure the proper management of test data on development and test environments according to the set test data management strategy and in alignment with the developed security policies.
8. Provide recommendations for the development of the Security Operations Centre Threats’ Monitoring requirements to proactively protect, analyse and maintain a secure environment against the ever-changing threat landscape.
9. Provide updates on the different Security KRIs and RCSA in coordination with Continuity & Resilience Management Department to maintain a repository of the identified risks and develop an action plan to mitigate those risks.
10. Conduct periodic security risk assessments on critical infrastructure and systems as per the set plan with proper risk mitigation commensurate with the organization’s risk tolerance and appetite.
11. Conduct the different security assessments for vendors and third parties providing critical services and engagements that involve access to or sharing of CIB’s information or data, as part of the Vendor Management Policy.
12. Ensure all identified risks are maintained and registered within the bank’s security risk register with proper asset classification covering all internal and external risks.
13. Research the latest information security trends and threats and continuously adapt to keep up with the latest cyber-attacks and techniques.
14. Conduct threat modelling to assess the different threat scenarios against the kill chain and define the set of security controls that would detect, prevent and respond to such threats.
15. Liaise with IT Security Infrastructure and Identity & Access Management teams to ensure the proper enforcement of the security policies and effective utilization of the security controls in alignment with business / security strategy and requirements.

Qualifications



Qualifications & Experience
- Bachelor’s degree in Engineering, Computer Science, Information Security or equivalent.
- Minimum 5 - 7 years of work experience in Information Security, IT Security Analysis or Risk Analysis
- Excellent knowledge of ISO 27001, PCI standards and SWIFT CSP
- Excellent knowledge of ISMS implementation and security risk assessments.
- Must have a technical background in areas like software development, security architecture, security platforms and tools/platforms administration and management, along with a risk background
- Mandatory Certifications:
  - ISO 27001:2013 Lead Implementer
- Recommended Certifications:
  - CISM
  - EC-Council – CEH

Skills



- Time management skills, analytical skills, and strong presentation skills
- Teamwork spirit
- Strong communication skills

Primary Location



Egypt-Giza-SMART VILLAGE BLDG. 2

Job Details

Job Location: Cairo Egypt
Company Industry: Other Business Support Services
Company Type: Employer (Private Sector)
Employment Type: Unspecified
Monthly Salary Range: Unspecified
Number of Vacancies: Unspecified
