Provide Information Security & Technology Risk Management consulting services to Project teams based on the Risk Management processes and procedures. Participate in Project meetings, Security Reviews, Walkthroughs, and Risk Assessments.
- Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape.
- Assess applications, infrastructure, business units, business processes and external suppliers for information security risks, identifying the potential threats and exposures.
- Examine and interpret requirements documents, architecture diagrams, solution designs and other written and verbal information to determine if a project, application, infrastructure or external supplier presents a security risk.
- Work with third party teams and internal development groups to interpret and review results from penetration tests on internet-facing applications as needed.
- Work with the required teams to ensure that code scans are completed for all new or modified code deployments.
- Track to completion, issues raised during the risk management reviews (TRA / ISA / PEN test / CIRA, Code scans/PIRT). Ensure as necessary the logging of identified issues as deficiencies, if mitigation will not be possible prior to project implementation and the associated risk is within the Bank’s risk appetite.
- Collaboration with relevant teams will be required.
- Provide Information Security risk consulting services to projects; to ensure all information security policies, standards and processes are embedded in the designed and delivered solutions.
- Any other related requests from Senior Management
- In consultation with the senior manager, develops a risk-based schedule for business as usual (BAU) baseline risk assessments; collaborating with respective technology and business owners to mitigate any significant issues identified.
- As requested by a senior manager, review all contract and third-party arrangements to ensure that information security policy are adhered to and that sufficient security protection will be afforded to information assets.
- Conducts security reviews of planned initiatives across the organization and produces high-quality threat risk assessment reports that clearly articulate the risks identified, along with recommendations on mitigation strategies.
- Weighs business needs against security concerns and provides risk-based recommendations to enhance information systems security, which are practical and achievable, thereby allowing the project/business sponsor(s) to make informed risk decisions; provides recommendations to enhance the Bank’s information security landscape.
- Works with respective Technology teams to ensure all vulnerabilities identified are sufficiently addressed
- Generates key performance indicators (KPIs) and identifies trends for information security risk and drives visibility and transparency of business value for completed work.
- Keeps abreast of financial industry regulations across the region
- Provides first-line subject matter expert advice on information security risk management standards, policies, and processes; keeps abreast of information security risk management frameworks, standards and industry best practices
BSc/BA in Computer Science, Engineering or a related field