Job Purpose Summary:
The Job holder shall be responsible for:
• Maintaining and enhancing the overall IT security architecture of the Bank via managing and monitoring network security, tools and system security.
• Implementing the security policy to ensure compliance with the Group IT Security Policy and SBV requirements.
• IT risk management, audit liaison and other “Protect the Bank” activities.
Key Responsibilities and Accountabilities:
Functional (job responsibilities)
1. IT Project Risk Analysis
Participate in projects and provide advice on security and compliance requirements based on basic security control checklists.
Perform IT risk review on key projects, review accuracy of risk scoring and adequacy of risk mitigation plans.
Escalate project risk issues (IT Risks) to Working Group Committee or Project Steering Committee.
Drive technology risk assessment projects with external service engagements.
2. Security Administration:
• User IDs administration for system, network and application
• Security software licensing, monitoring and renewal
• Evaluate, notify and monitor security patches
• Review new projects related to system, network, application and database security requirements
• Update and monitor Anti-Virus definitions
• Coordinate Network Security Review and Penetration Test exercises
3. IT Risk Management & IT Policies
• Overall management of IT risks, enhancement and implementation of bank-wide IT Risk Management Framework, IT Security and Compliance
• Review and provide advisory on adequacy of IT policies and procedures.
• Conduct IT Security awareness training
• IT Risk mitigation plans and reporting
• Define technology Key Risk Indicators for proper risk monitoring.
• Design and enhance IT risk dashboard for management reporting
• Provide advice and early warning alerts to management based on emerging security threat trends.
4. IT Operations Risk Monitoring
• Perform self-assessment (including system security) on a regular basis and highlight any weaknesses
• Monitor phishing attempts and escalate to bring down the scam sites
• Coordinate investigations related to network security incidents and follow up on action plans until resolution.
• Review accuracy of risk scoring and adequacy of risk mitigation plans under the IT RCSA (Risk & Control Self-Assessment) exercise.
• Perform thematic assessments on identified technology risk areas as required by regulatory guidelines, and document observation reports to update Management.
Managerial (team/group responsibilities)
• Individual contributor
Organizational (organizational responsibilities)
• Notify management in a timely manner of potential security problems which are not adequately addressed by existing control mechanisms
• Properly escalate potential security issues to Group IT Security for further remediation or recommendation.
Job Requirements
Jobholder Requirements:
Education/Qualification
• Recognized Degree in Computer Science or its equivalent.
Experience
• Minimum 3 years working experience in Security and Risk Management; experience with security devices/applications is an added advantage
• Consistently researches new technology to enhance the existing controls, infrastructure, processes, procedures and other IT risk related items
• Experience in Infrastructure (server, network, storage, OS, etc.) is an added advantage
Special Skills
• Aptitude towards IT risk management and Security
• Good interpersonal and communication skills
• Able to think out of the box during troubleshooting
• Linux OS
• Experience in open source software
• Dedicated, hardworking, resourceful
• Ability to work independently
Certification/Licensing Requirements
• IT Governance, Risk and Security related certifications will be of added advantage.
Benefits for You
Secured Loan at special rate under PFS Scheme
Health Care & Group Term Life Insurance