Information Security Officer (Commercial Bank)

Job Categories:

Information Technology


Date Posted:

2022-03-27 01:00:00

Employment Type

Full Time

Website

bemconsult.com

Location:

Lusaka

Salary:

Negotiable


Description:

One of our clients, a leading commercial bank, has given us the mandate to assist in the identification and recruitment of highly qualified and competent professionals.

Job Purpose
The Information Security Officer will serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the Bank's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. The Information Security Officer will be responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

Summary of Key Responsibilities:

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  • Work directly with the business units to facilitate risk assessment and risk management processes.
  • Develop and enhance an information security management framework.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
  • Provide leadership to the enterprise's information security organization.
  • Partner with business stakeholders across the company to raise awareness of risk management concerns.
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
  • Act as the organization’s representative with respect to inquiries from customers, partners, and the general public regarding the organization’s security strategy.
  • Act as the organization’s representative when dealing with law enforcement agencies while pursuing the sources of network attacks and information theft by employees.
  • Oversee the selection, testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements.
  • Monitor the logs on a periodic basis during the day for error detection and timely resolution.
  • Enforce logical and physical security measures over communication systems (e.g., leased lines, routers, modems, Internet, Intranet, E-mail, iPhone, etc.).
  • Enforce Access Control policies to control usage of networked resources.
  • Review network logs, OS logs and WAN incidents.
  • Ensure that the network O/S is maintained in accordance with the Bank’s Security policies & procedures.
  • Review whether access to application programs/files and other sensitive system files is appropriately restricted.
  • Security Configuration & Maintenance of the Infrastructure.
  • Development of Minimum Baseline standards for the IT components.
  • Identifying New Technology Solutions for the Bank and assessment of security patches and upgrades of existing applications and operating systems within the Bank.
  • Risk Assessment, which includes identifying asset threats, vulnerabilities, and compensating controls, developing a risk profile for the assessed environment, and developing a risk reduction plan for the environment.
  • System Monitoring, involving monitoring of networks and systems for security-related events and incidents. This includes monitoring, management, and maintenance of the Intrusion Detection System and reviewing log files of security infrastructure systems for any unauthorized or unrecognized activity.
  • System Security Analysis, completing the security review on all of the Bank’s systems to ensure compliance with the Minimum Baseline Standards and other policies and standards as related to operating systems, network devices, and applications.


Primary Areas of Accountability:

Qualifications and Experience

  • Degree in a Computer Science/Technology-related field required.
  • A Masters in any of the above fields will be a plus.
  • Must have Professional Security Management Certification (CISA).
  • Minimum of 5 to 8 years of experience in a combination of Risk Management, Information Security and IT jobs.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and ZICTA.
  • Excellent written and verbal communication skills and a high level of personal integrity.
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
  • Experience with contract and vendor negotiations and management including managed services.
  • Specific experience in Agile (scaled) software development or other best in class development practices.
  • Experience with Cloud computing/Elastic computing across virtualized environments.


If you meet the minimum hiring requirements for the above position, please email your CV and Cover letter clearly stating your salary expectations to: jobs@bemconsult.com and copy in bemconsult@outlook.com



Note that all communications will be kept in the strictest of confidence. If you do not receive communication within 21 days of the closing date of the advert, please consider your application unsuccessful.


DO NOT SEND CERTIFICATES AT THIS STAGE