POSITION: INFORMATION AND SECURITY OFFICER (ISO)
The Information Security Officer (ISO) function within the Enterprise Risk Management & Compliance Department (ERMC) is responsible for enforcing information security controls and for monitoring and analyzing the Bank’s networks for malicious activity. The ISO will investigate alerts, assist with developing new security monitoring use cases, and ensure all investigative activity is properly documented in the bank’s systems and followed up with relevant support teams.
Additionally, he/she will be in charge of the bank's infrastructure protection. The role will involve offering support that ensures that all bank systems are fully tested and remediated against any known or unknown risks. The ISO role will mainly focus on:
- Perform in-depth security assessments of the latest adversarial threat vectors and technologies to ensure the Bank remains aware and protected from adversarial attack.
- Develop CBAR Best practices for IT Security
- Provide guidance and advocacy regarding the prioritization of CBAR investments that impact information security
- Conduct threat, vulnerability and penetration testing on the Bank’s environment on a continuous basis, reporting any issues noted and advising stakeholders on mitigation strategies.
- Review of network architecture and artifact configurations (Firewalls, Routers, Switches, IDS, IPS) and give practical recommendations.
- Support network and information security teams in coming up with control self-assessment frameworks through developing custom scripts and work steps.
- Present findings with clarity to management and get buy-in for the implementation of controls.
- Mine forensic data for investigative and forensic audits in support of CBAR.
- Review and provide support to ICT security policy implementation.
- Keep track of the IT risks and controls process through desk monitoring.
- Participate in the implementation of the department Quality Assurance Program, with regard to Information Security Systems, to ensure that the bank is functioning at a high level of efficiency and effectiveness.
- Support in other reviews that might be allocated from time to time.
- Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.
- Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or benchmarks.
- Business partner to provide insights into competitive drivers, market trends and the business environment as a whole.
- Self-empowerment communication, teamwork and trust that are needed to support performance and customer-service oriented culture.
- Ability to build strong partner relationships with peer technology groups and support CBAR business. Drive the required risk culture and partnership with peer technology teams and supported CBAR business.
- Participate in key ERMC Department operating routines to drive information security risk strategy.
- Ability to gather data, compile information and prepare reports
- Ability to perform control reviews on systems development, operations, programming, control and security procedures and standards.
QUALIFICATION AND EXPERIENCE REQUIREMENT
- The applicant for the CBAR Information Security Officer job placement must hold a Bachelor’s degree in Information Technology/Computer Science.
- CEH (Certified Ethical Hacker) will be an added advantage.
- 2-3 years of experience in information security or a related field.
- Proven ability to identify and analyze complex security risks and threats and plan for mitigation and response.
- Proficient in the use of vulnerability and penetration testing tools both commercial and open source.
- A keen eye to identify vulnerabilities and ensure remediation is done.
- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
- Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix.
- Excellent understanding of Bank's infrastructure, networks and systems.
- Knowledge of applications, databases, middleware to address security threats against the same.
- Excellent communication and leadership skills.
- Shift-based management skills.
- Threat and cybersecurity competencies.
- Strong analytical skills and problem-solving skills.
- Excellent planning skills.
- High personal standards and goal oriented.
- Deep knowledge of Bank's infrastructure, networks, and systems.
CBA has a proud heritage as one of East Africa's leading financial institutions and has for the past 50 years set the standard for personalized service and customer relation excellence. We attribute our success to the way in which we grow and nurture our talent. By aligning our values of elegance, prestige, comfort and confidence with an ethos of high performance and distinction, our brand promise is realised for both our customers and employees, giving them the opportunity to "get more out of life." If you believe that excellence is not an act, but a habit, then send your application letter and CV to email@example.com by 2nd May 2019.