Provide Information Security & Technology Risk Management consulting services to Project teams based on the Risk Management processes and procedures. Participate in Project meetings, Security Reviews, Walkthroughs, and Risk Assessments.
Requirements
- Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape.
- Assess applications, infrastructure, business units, business processes and external suppliers for information security risks, identifying the potential threats and exposures.
- Examine and interpret requirements documents, architecture diagrams, solution designs and other written and verbal information to determine if a project, application, infrastructure or external supplier presents a security risk.
- Work with third-party teams and internal development groups to interpret and review results from penetration tests on internet-facing applications as needed.
- Work with the required teams to ensure that code scans are completed for all new or modified code deployments.
- Track to completion the issues raised during the risk management reviews (TRA / ISA / PEN test / CIRA, Code scans / PIRT). Ensure, as necessary, that identified issues are logged as deficiencies if mitigation will not be possible prior to project implementation and the associated risk is within the Bank’s risk appetite.
- Collaboration with relevant teams will be required.
- Provide Information Security risk consulting services to projects to ensure all information security policies, standards and processes are embedded in the designed and delivered solutions.
- Handle any other related requests from Senior Management.
- In consultation with the senior manager, develops a risk-based schedule for business as usual (BAU) baseline risk assessments, collaborating with respective technology and business owners to mitigate any significant issues identified.
- As requested by a senior manager, reviews all contract and third-party arrangements to ensure that information security policies are adhered to and that sufficient security protection will be afforded to information assets.
- Conducts security reviews of planned initiatives across the organization and produces high-quality threat risk assessment reports that clearly articulate the risks identified, along with recommendations on mitigation strategies.
- Weighs business needs against security concerns and provides risk-based recommendations to enhance information systems security, which are practical and achievable, thereby allowing the project/business sponsor(s) to make informed risk decisions; provides recommendations to enhance the Bank’s information security landscape.
- Works with respective Technology teams to ensure all vulnerabilities identified are sufficiently addressed.
- Generates key performance indicators (KPIs) and identifies trends for information security risk and drives visibility and transparency of business value for completed work.
- Keeps abreast of financial industry regulations across the region.
- Provides first-line subject matter expert advice on information security risk management standards, policies, and processes; keeps abreast of information security risk management frameworks, standards and industry best practices.
Academic Requirements
BSc/BA in Computer Science, Engineering or a related field