Its Iss Support Services is seeking a Senior/Experienced Information Security and Risk Consultant to support the non-financial risk management team. We are seeking a self-motivated and self-directed individual with the ability to effectively prioritize and execute tasks in a high-pressure environment. The candidate will have a strong IT infrastructure background and a broad understanding of security controls. The candidate can collaborate across the organisation to achieve mutual goals.
Responsibilities may include but are not limited to:
- Conduct in-depth security assessments: business impact analysis, threat and vulnerability control assessments, project risk reviews, etc.
- Translate the risk assessment findings into reports and language that articulate the risk in a clear and effective manner for (senior) management audiences, team and staff.
- Consult with, or assist, senior managers (risk issue owners) on the development of risk action plans to ensure that plans include key elements (e.g., response, cost, target date).
- Ensure risk methodology is applied consistently across the department.
- Report and escalate issues appropriately and in a timely manner.
- Review and perform quality assurance of technical operational security control documentation.
- The ideal candidate will have a well-rounded information security background, including a strong understanding of IT risk management, information security controls, industry standards and best practices such as the NIST SP 800 series, NIST CSF, and ISO 27000 series.
- The candidate should understand and have experience with security configuration, as well as various design controls and regulatory, legal and contractual requirements impacting financial institutions (e.g. SOX and PCI).
- The ideal candidate will also have a diverse technical background, including experience with multiple security technologies and infrastructure technology concepts such as networks, databases, storage, mainframes, file systems, servers, network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security, etc.
- Among the various responsibilities the candidate might face, the primary objective of the mission will be to help Infrastructure Services improve its risk profile and that of the Bank by ensuring correct and timely coordination and qualitative review of security documentation.
Minimum Requirements:
- Bachelor's degree or equivalent work experience
- Minimum of 8 years of experience in information technology and/or information security and compliance
- Understanding of financial industry legal, regulatory and compliance requirements for information security
- Effective communication
- Good working knowledge of MS-Office tools.
Preferred Skills:
- Graduate/Master's level degree in the areas of information security, computer science, information technology management, technology auditing
- Experience in risk and compliance management and process development in the areas of information technology and security
- Working knowledge of the IBM OpenPages GRC platform
- Experience in administering or working with one or more of the following technologies: networks, databases, storage, mainframes, file systems, servers, network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security, etc.
- Industry certifications in the area of information security, project management and technology auditing, including PMP, PRINCE2, CRISC, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or comparable qualifications