INFORMATION & TECHNOLOGY (IT) SECURITY SPECIALIST

Purpose of the Job:

The ICT Security Specialist primary objective is to research, develop, implement, test and review an organization’s information security in order to protect information and prevent unauthorized access. Thereby protecting systems by defining access privileges, control structures, and resources.

 

Key Accountabilities:

1. Protect the Bank from unauthorized access to information and violations of IT systems by analyzing and assessing potential security risks and implementing and managing defensive counter measures such as firewalls, intrusion prevention systems and data-loss prevention solutions, to enable a safe computing environment;

2. Enforce user access control on various IT systems and infrastructure to ensure only authorized users have access to systems and provide updates and reports to IT Management and the Bank’s Risk Management function. Consults with functional unit management and personnel to identify, define and document business needs and objectives, current operational procedures, problems, input and output requirements, and levels of systems access;

3. Conduct security assessments by performing ethical hacking & penetration testing and on a regular basis to expose and report on weaknesses in security for the Bank’s IT systems & to make recommendations on solutions and mitigating actions;

4. Research, recommend and review new IT security systems and solutions (i.e. Firewalls, IPS, Threat Management etc.) to ensure the Bank uses modern solutions to address exposure to fast-changing global security risks and make recommendations to IT Management for medium to long term planning;

5. Identifies opportunities for improving business processes through information systems and/or non-system driver changes; assists in the preparation of proposals to develop new systems and/or operational changes;

6. Creating and implementing security related disaster recovery plans by conducting disaster recovery testing in case of a disruption to business operations, in conjunction with the Bank’s risk management function to ensure effective continuity of business;

7. Improve the security posture of staff members by assisting with user awareness and security training of end users on an annual basis to reduce the effectiveness of social engineering and elementary mistakes that can cause security breaches;

8. Maintain regular documentation on security systems and provide incidents & periodic reports on IT Security related matters by monitoring, reviewing and auditing systems for IT Management to ensure the security posture of the Bank is optimized and breaches to systems are reported on and mitigated in a timely manner;

9. Attend to various related tasks as assigned by the IT Manager

 

Required Knowledge and Skills: