Cyber Security Senior Analyst-Analyst AtAbu Dhabi Islamic Bank - Egypt
Accountabilities:
Strategic objectives:
· Support Information security strategic program milestones
Functional Objective:
Information Security Program
· Technical implementation of the Information security program and following actionable plan with IT.
· Build Security Matrix for different access
· Establish reporting communications that support Information Security IT Governance activities
· Ensure implementation of necessary information security policies, standards, procedures and guidelines.
· Review the plan and test results of disaster recovery
Risk Identification, classification ,assessment and evaluation
· Assess controls for information systems ( all IT systems) during the requirements, acquisition, development and testing phases for compliance with the Information Security policies, standards, procedures and applicable external requirements ,ensure Information security risks are addressed which could lead to organization financial and reputation loss.
· Evaluate the readiness of information systems ( All IT systems)for implementation and migration into production and Conduct post-implementation reviews of systems to determine whether Information System deliverables, controls are complied with Information Security policies, standards and ensure Information security risks that could lead to organization financial and reputation loss are addressed.
· Assess the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information, this to ensure overall Information Security that could lead to organization financial and reputation loss if data is breached.
· Maintain a risk register to ensure that all identified risks highlighted with related accountability, Monitor existing risk to ensure that changes are identified and managed appropriately.
· Assemble risk scenarios to estimate likelihood and impact of significant risks to the Information systems, Correlate identified risks to relevant business processes to assist in identifying risk ownership.
· Analyse risks, incidents and interdependencies to determine their impact on IT Systems and relative business objectives.
· Develop Information Security Standards and Baselines aligned with Information security polices
· Assess and Evaluate the non-business application access (VPN, Internet, etc) that can be easily integrated into Identity management solutions and technologies adopted by the bank.
· Monitor the information systems (IT systems) control design and implementation processes against Information Security baselines and standard to ensure it is implemented effectively and within time.
· Enable the measurement of IT Information security processes
Risk and Control Monitoring
· Identify the gap between current and desired risk levels to manage risk ,evaluate information security controls to determine whether they are appropriately and effectively mitigating the risk to defined acceptable level
· Facilitate independent risk assessments and risk management Process review to ensure that they are performed efficiently and effectively
· Monitor and Communicate key risk indicators (KRIs) and Management activities to assist relevant stakeholders in their decision-making Process
· Identify and report on risk including compliance to initiate corrective action and meet business regulatory requirements
· Ensure that risk assessments, vulnerability assessments and threat analysis are conducted periodically and consistently to identify risk to the organization’s information.
Information Security Risk Response
· Identify Risk Response Options and provide IT managers with information to enable risk response decisions
· Apply Risk criteria to assist in the development of the risk profile for management approvals
· Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness.
Information Security Risk awareness
· Provide and conduct training for IT Staff to ensure their understanding to risk and promote a risk-aware culture.
· Measure the understanding of IT staff against the security awareness objectives
Reporting
· Communicate to Infrastructure Information Security Manager the status of the IT Security Program progress
Minimum Qualifications
• BSC in Communication Engineering or computer science
Minimum Experience:-
3-5 + years of IT & Security experience
Certificates:
o SANS security certificates are preferred
Job Specific Skills
· Participating in IT security initiatives
· Participating in analyzing, and implementing solutions in support of business objectives.
· Regulatory knowledge (CBE, PCI,..)
· Updated Security Threats and Vulnerabilities
· Business Continuity and Disaster Recovery experience/knowledge
· Risk evaluation
Generic Skills
• Planning and Time management skills
• Communication Skills
• Creativity thinking
• Dynamic , continuous improvement and Learning and crises management
• Documentation and Organization