Follow the security risk assessment methodology to assess the different business initiatives and projects
Perform security risk assessments to align with the bank's security policies and guidelines
Validate and review the business requirements and ensure the relevant security measures are catered for throughout the different phases of the software development and acquisition lifecycle and the demand management process including security design assessments
Coordinate with the relevant IT and Business teams to ensure the proper management of test data during development and test phases
Assist in updating the different Security KRIs and RCSA exercise to maintain a repository of the identified risks and develop an action plan to mitigate those risks
Maintain the security risk log and file the necessary risk acceptances or corrective action plans, presenting the highlighted risks in a clear manner and proposing the relevant controls accordingly
Participate in the bank-wide risk assessment and business impact analysis exercise to prioritize and classify critical business processes and supporting infrastructure from an availability, confidentiality and integrity point of view
Conduct security risk assessments for the identified vulnerabilities/issues resulting from the Vulnerability and Patch Management program or the different third-party/internal security tests and scans to assess the severity of the security vulnerabilities, according to other temporal and environmental metrics
Liaise with IT Security and Identity & Access Management teams to ensure the proper enforcement of the security policies and effective utilization of the security controls in alignment with business/security strategy and requirements
Support the implementation of the strategic security projects to ensure proper alignment with the set security strategy and roadmap
Research the latest information security trends and threats and continuously adapt to keep up with the latest cyber-attacks and techniques
Support the different security assessment exercises and ensure the effective implementation of the action plan with the relevant stakeholders
Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner
Follow the day-to-day operations related to one's own job in the Information Security Management department to ensure continuity of work
Requirements
Bachelor's degree in Engineering, Computer Science or equivalent
Minimum 2-4 years of work experience in Information Security, IT Security or IT Audit
Good knowledge of ISMS implementation and Security Risk assessments