IT Security Analyst

To ensure effective implementation of the security controls, mandates and requirements within the design, initiation, and implementation lifecycle of new projects, BRDs in alignment with the security policies and procedures.

Description

• Participate in security gap and threat assessments post globally/locally identified security incidents/threats and put an action plan in place with effective coordination with the relevant stakeholder’s bank wide till completion, in order to keep business secured operations proactively.
• Liaise with the Information Security to validate and review the business requirements and ensure the relevant security measures are catered for throughout the different phases of the software development lifecycle (SDLC) and the demand management process from a technical perspective, in order to keep proper assurance of security controls across the entire program/project life cycle.
• Update the different Security KRIs and coordinate the RCSA exercise with Risk Group from an IT Security standpoint and in liaison with the Information Security risk and governance function, in order to provide business by the proper assurance of organization proactive security against known threats.
• Assist in the development and the maintenance of the different security policies/IT Security controls through defining the required controls in alignment with the ISO/PCI and other applicable standards, best practices and regulations, utilizing vulnerability assessment and penetration testing tools, in order to proactively provide business by proper assurance being complaint with internal/external policies/regulations.
• Participate & coordinate for a bank-wide risk assessment and business impact analysis exercise in order to prioritize and classify critical business processes and supporting infrastructure from availability, confidentiality and integrity point of view.
• Coordinate the resolution of open/outstanding security related tickets and requests according to the approved SLA and in compliance with the approved security standards and industry best practices in coordination with different IT teams, in order to provide business by proper assurance of secured and effective business day to day operation.
• Provide full support and dedication in facilitating required technical resources and hands-on for IT and Business projects in compliance with business objectives while adhering to security standards and industry best practices , in order to enable secured program/project management.
• Prepare daily IT Security KPIs and analyse the overall tickets, incidents and requests that achieved against what have to be through working closely with the Identity Access Management and Security Infrastructure teams, in order to improve IT Security daily operations, and keep highest levels of business satisfaction.
• Prepare and organize all required documentation and evidences to concerned departments/ business partners “i.e. Information Security, External Audit, CBE, Internal Audit…etc.” according to corporate approved policies and procedures, in order to keep organization compliance and certification with standards and regulations.
• Provide full support and dedication in facilitating required technical resources and hands-on for vendors and 3rd party related documentation and secured computing environments for proof of concept and tendering according to corporate approved policies and procedures, in order to achieve successful programs/projects.
• Monitor IT Security level of compliance with Information Security and HR Policies and Procedures, in order to enable business through IT Security in proactive manner.

Policies, Processes and Procedures

• Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.

Day-to-day management

• Follow the day-to-day operations related to own jobs in the IT Security Analysts, Business Project tracking, Security Projects tracking, and Vulnerability assessment to ensure continuity of work.

Compliance

• Comply with all relevant CBE regulations, banking laws, AML regulations and internal CIB policies and code of conduct in order to maintain CIB’s sound legal position and mitigate any potential risks.