The IT Security Officer is responsible for assisting in the development and enforcement of IT security policies and for facilitating the implementation of industry best practices and security awareness campaigns across the KBL network.
1. Assist in the development and enforcement of, and compliance with, information security policies across the bank.
2. Work directly with the line manager to monitor compliance with, and enforcement of, IT security policies.
3. Perform internal vulnerability testing of the current IT infrastructure and suggest appropriate controls on the basis of findings.
4. Review various system logs (network, switches, firewalls, application servers, database servers, etc.), as and when directed by line management, through automated or manual means, and report any unusual behavior, policy non-compliance or threat.
5. Log, investigate and document findings of information security incidents reported to the IT Compliance team.
6. Design network infrastructure security, including firewalls, IDS/IPS, network monitoring, vulnerability scanning, encryption solutions, Internet proxies and e-mail content filtering.
7. Work directly with the line manager on the risk assessment program in line with IT security policies; recommend methods and approaches for vulnerability detection and its remediation techniques as part of the continuous improvement process.
8. Participate in monitoring the external threat situation, assessing security advisories, implementing mitigating actions and communicating security patch advisories.
9. Provide technical leadership and guidance in the acquisition, design, development, implementation and support of the various components of the security architectural framework.
10. Help ITCM in developing standards, procedures, and guidelines that will assist the application development teams in integrating security requirements within their applications and databases.
11. Perform security risk assessments and security exposure analysis of business applications and databases.
12. Assist in the implementation of industry best practices/standards/frameworks.
13. Promote corporate-wide information security awareness.