Skills And Tools:
- The post holder will provide internal and external audit expertise on technical and organizational security measures employed within the banking sector and software development sectors and will be able to liaise effectively on a technical level with external stakeholders.
- Manage and conduct technical expert audits of information security management and controls.
- Support the organization and external customers by providing technical expertise during the scoping, planning, delivery and reporting audits within the banking sector.
- The post holder will develop the understanding of security technologies particularly in respect of information security; in so doing contribute to the ongoing development of company audit strategy.
- The post holder will work with colleagues across all departments to support effective delivery of audits and related work.
- The post holder will also respond to security alerts and threats, take part in visualizing EastNets security strategy and take part in implementing and auditing security controls and projects across various departments, additionally, he will participate in delivering EastNets security consultancy services to its customers globally.
- Approximately 5 years work experience demonstrating graduate level ability
- Certification or already working towards certification in any of CISM, CISSP, CISA, 27001 Lead Auditor, Cobit 5 Certified Assessor, CESG Certified Professional, CLAS.
- Good experience of configuring, managing or auditing ISMS within ISO 27001, Cobit or similar frameworks as part of an IT, Information Governance, internal or external audit team.
- Practical experience of enterprise security design and architecture within banking or IT or software development industry services.
- Practical experience with vulnerability testing or evaluation of information security architecture, its effectiveness and compliance with legal, regulatory or industry standards.
- Practical experience of configuring, managing, or auditing user privileges including system log analysis. Experience of working with the Security Policy Framework.
- Strong verbal reasoning, and analytical skills and attention to detail.
- Experience working with security and regulatory requirements.
- Good ability to apply minimum information security standards (as described above) practically and pragmatically.
- Demonstrate good understanding of current cyber threats and information security best practices. Practical understanding of
the Data Protection Act and/or Privacy and security standards and
- Strong influencing and negotiating skills and the confidence to make robust yet pragmatic recommendations to senior management.
- Ability to travel and work away from home on audit engagements
which mayl require 2/3 night overnight stays every 8/10 weeks.
- Strong written communication skills, including the ability to convey technical subject matter clearly and concisely.