Operational Duties
· Define minimum security baselines for the Bank’s systems in line with regulatory requirements.
· Evaluate the security effectiveness of implemented technical controls
· Design Security Solutions to align with security requirements
· Advise and provide inputs for the security projects that address identified risks and business security requirements.
· Assist resource owners and IT staff in understanding and responding to security gaps.
· Perform and manage vulnerability assessment and penetration test [Internal/External] analysis on the Bank’s computing resources to demonstrate security control effectiveness/gaps.
· Provide support and guidance for legal and regulatory compliance efforts related to Data Protection.
· Provide expert guidance on security matters for other IT projects
· Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks
· Analyze current security posture and identify gaps. Design and implement a plan to mitigate such gaps.
· Define and design disaster recovery plans for information security operations.
· Assist with security breach investigations to guide the refinement of information security policies and practices
· Manage the periodic assessment of security systems and applications to ensure new threats are identified and managed and the security of the organization’s assets is maintained.
· Provide Security Awareness training, and guidance to all Internal Users.
· Manage the provisioning and de-provisioning of user access based on requests for the scoped systems/applications, including privileged access requirements raised by ITD.
· Lead the Roles and Groups definition in coordination with Business Units for the scoped system/application
· Manage the User Access Management function to ensure the day-to-day processing of access management requests is carried out in an efficient manner.
· Manage the allocation of access privileges of users to ensure appropriate security settings are applied in accordance with Organization policies and application owner-defined parameters
· Manage the periodic user access review of the entitlements provided, to be validated by the business owner.