Information & Technology (IT) Security Specialist

Reports To: IT Manager

 

Purpose of the Job:

The ICT Security Specialist primary objective is to research, develop, implement, test and review an organization’s information security in order to protect information and prevent unauthorized access. Thereby protecting systems by defining access privileges, control structures, and resources. 

 

Key Accountabilities:

1. Protect the Bank from unauthorized access to information and violations of IT systems by analyzing and assessing potential security risks and implementing and managing defensive counter measures such as firewalls, intrusion prevention systems and data-loss prevention solutions, to enable a safe computing environment;

2. Enforce user access control on various IT systems and infrastructure to ensure only authorized users have access to systems and provide updates and reports to IT Management and the Bank’s Risk Management function. Consults with functional unit management and personnel to identify, define and document business needs and objectives, current operational procedures, problems, input and output requirements, and levels of systems access;

3. Conduct security assessments by performing ethical hacking & penetration testing and on a regular basis to expose and report on weaknesses in security for the Bank’s IT systems & to make recommendations on solutions and mitigating actions;

4. Research, recommend and review new IT security systems and solutions (i.e. Firewalls, IPS, Threat Management etc.) to ensure the Bank uses modern solutions to address exposure to fast-changing global security risks and make recommendations to IT Management for medium to long term planning;

5. Identifies opportunities for improving business processes through information systems and/or non-system driver changes; assists in the preparation of proposals to develop new systems and/or operational changes; 

6. Creating and implementing security related disaster recovery plans by conducting disaster recovery testing in case of a disruption to business operations, in conjunction with the Bank’s risk management function to ensure effective continuity of business;

7. Improve the security posture of staff members by assisting with user awareness and security training of end users on an annual basis to reduce the effectiveness of social engineering and elementary mistakes that can cause security breaches; 

8. Maintain regular documentation on security systems and provide incidents & periodic reports on IT Security related matters by monitoring, reviewing and auditing systems for IT Management to ensure the security posture of the Bank is optimized and breaches to systems are reported on and mitigated in a timely manner;

9. Attend to various related tasks as assigned by the IT Manager

 

Required Knowledge and Skills:

• 3 year Diploma in Information Systems with 4 years of relevant experience  

• Security Industry related Certifications are a distinct advantages 

 

Technical: 

• Understanding and knowledge of ISO 27000 series of IT Security standards (more specifically 27002)

• IT Security Audit fundamentals

• Network security and security architecture

• Penetration testing and ethical hacking

• Sound IT Security systems concepts and principles 

• Technical computer knowledge 

• Complex modelling techniques 

• Technical writing 

 

Analytical: 

• Analytical and conceptual expertise

• IT forensic analysis

• Incident handling & analysis

• Planning, documentation, analysis and business requirements management techniques  

• Object-oriented analysis 

• Evaluation of profitability/risk 

• Testing, verification and validation techniques 

• Creation of the Business Requirements Document - BRD 

• Administrative and reporting abilities 

 

Management: 

• Decision-making 

• Fundamentals of project management 

• Identity & Access Management 

• Confidentiality, ethical behavior & integrity

• Management of organizational changes 

• Time management and personal organization skills  

• Integrity and ethics 

 

General Responsibilities

• Flexible in working under changing and different work settings. 

• Maintain high team morale. 

• Adhere to company and project standards and guidelines. 

• Accurate time accounting and reporting of own work. 

• Promptly escalate issues, which affect product delivery and quality that are beyond scope of influence and report it to reporting manager. 

• Pay high attention to detail in all work. 

• Quality, on time delivery of agreed deliverables. 

• Contribute to the company knowledge base and process improvements. 

 

Technical Recommendation and Testing 

• Co-ordinate testing efforts with QA 

• Ensures issues are identified, tracked, reported on, and resolved in a timely manner. 

• Works with IT personnel to identify required changes. 

• Communicates needed changes to CAB team. 

 

Project Execution

• Assists in enforcement of project deadlines and schedules. 

• Takes input from supervisor and appropriately and accurately applies comments/feedback. 

• Communicates and applies project standards. 

• Manages resources in accordance with project schedule. 

• Consistently delivers high-quality services to our clients. 

• Understands the components of running a fiscally successful project. 

• Acknowledges and appreciates each team member's contributions. 

 

Typical Working Conditions:

• Work is performed in an office environment; continuous contact with other staff and/or the public. 

• Occasional overtime and travel to outside branches is required.