Company: Abu Dhabi Islamic Bank – Egypt
Location: Cairo, Egypt
Employment Type: Full-time
Description:
Strategic objectives:
Support Information security strategic program milestones
Functional Objective:
Information Security Program
Technically implement the Information Security program and set an actionable plan with IT.
Establish reporting communications that support Information Security IT threat Intelligence activities
Ensure implementation of necessary information security policies, standards, procedures and guidelines.
Threat Intelligence
Responsible for implementing the threat intelligence program in parallel with the threat vulnerability management program.
Follow the procedures to align with cyber security incident handling program.
Work closely with SOC to provide all needed information for proactive monitoring.
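Maintain a current understanding of the threat landscape for the banking industry and align closely with the head of incident handling to provide the security operations centre with up-to-date indicators of compromise.
Maintaining the supported technologies and… follow the processes for proactive actions against zero-day attacks and persistent threats.
Responsible for determining enterprise information security standards, ensuring the bank complies with the regulatory rules of relevant bodies, and enforcing adherence to security practices.
Risk identification, classification, assessment and evaluation
Monitor information security assessments to determine whether information systems are protected and controlled. Collect information and review documentation to ensure that risks are identified and evaluated.
Responsible for evaluating controls for information systems (all IT systems) during the requirements, acquisition, development and testing phases for compliance with the Information Security policies, standards, procedures and applicable external requirements, and ensuring that information security risks which could lead to financial and reputational loss for the organization are addressed.
Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information. This ensures overall information security, since a data breach could lead to financial and reputational loss for the organization.
Maintain and monitor the risk register to ensure that all identified risks are highlighted with related accountability. Monitor existing risks to ensure that changes are identified and managed appropriately.
Maintain the risk scenarios to estimate the likelihood and impact of significant risks to the information systems. Correlate identified risks to relevant business processes to assist in identifying risk ownership.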
Risk Identification, classification ,assessment and evaluation
Monitor information Security assessment to determine whether information systems are protected, and controlled. Collect information and review documentation to ensure that risks are identified and evaluated.
Responsible for evaluate controls for information systems ( all IT systems) during the requirements, acquisition, development and testing phases for compliance with the Information Security policies, standards, procedures and applicable external requirements ,ensure Information security risks are addressed which could lead to organization financial and reputation loss.
Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information, this to ensure overall Information Security that could lead to organization financial and reputation loss if data is breached.
Maintain and Monitor the risk register to ensure that all identified risks highlighted with related accountability, Monitor existing risk to ensure that changes are identified and managed appropriately.
Maintain the risk scenarios to estimate likelihood and impact of significant risks to the Information systems, Correlate identified risks to relevant business processes to assist in identifying risk ownership.
Analyze risks, incidents and inter-dependencies to determine their impact on IT Systems and relative business objectives.
Review IT Security Standards and Baselines
Enable the measurement of IT Information security processes.
Monitor the information systems (IT systems) control design and implementation processes against Information Security baselines and standards to ensure they are implemented effectively and on time.
Risk and Control Monitoring
Review and monitor key risk indicators (KRIs) and communicate their status to relevant stakeholders.
Identify the gap between current and desired risk levels to manage risk, and evaluate information security controls to determine whether they are appropriately and effectively mitigating the risk to a defined acceptable level.
Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
Identify and report on risk, including compliance, to initiate corrective action and meet business regulatory requirements.
Ensure that risk assessments, vulnerability assessments and threat analysis are conducted periodically and consistently to identify risk to the organization's information.
Information Security Risk Response
Share the responsibility to identify and evaluate risk response options and provide IT managers with information to enable risk response decisions.
Apply risk criteria to assist in the development of the risk profile for management approval.
Assist in the development of business cases supporting the investment plan to ensure risk responses are aligned with identified business objectives.
Minimum Qualifications
BSc in Communication Engineering or Computer Science
Minimum Experience:
Senior Analyst: 5+ Years of IT & Information Security experience
Analyst: 2-5 Years of IT & Information Security experience
CISSP (Certified Information Systems Security Professional) certificate is a must
CEH (Certified Ethical Hacker)
Job Specific Skills
Experience with source code analysis and reverse engineering
Strong understanding of TCP/IP networking solutions in support of business objectives
Participating in IT security initiatives
Participating in analyzing and implementing solutions in support of business objectives.
Information Security Experience
Updated Security Threats and Vulnerabilities
Risk evaluation
Source: LinkedIn