What will you do
1. Assist in developing/enforcing information security standards.
- Assist in the development and enforcement of information security standards & best practices across the Bank.
- Establish a mechanism to identify non-compliances to information security policies and standards.
2. Review, investigate & document IT security incidents
- Log, investigate and document findings of information security incidents.
- Review various logs of system (network, switches, firewalls, application servers, databases servers, etc), through SIEM report any unusual behavior, policy non-compliance or threat etc.
- Coordinate with relevant teams for IT security events/incidents and prepare responses in timely manner.
- Document and update the information security incident summary for management.
3. Technical Risk Assessment
- Perform Risk assessment of technology infrastructure & critical business applications and recommend appropriate controls on the basis of findings.
- Plan, design and perform the phishing campaigns.
- Participate in monitoring external threat situation, assessments of security advisories, implement mitigating actions and communication of security patch advisories.
- Help developing standards, procedures, and guidelines that will assist the technology department in integrating security requirements within their infrastructure & applications.
4. Review Security Control implementation
- Establish, Review & validate Baseline Security Configurations (Network devices, Operating System, Databases etc.)
5. Conduct security awareness campaigns
- Help in promoting security-awareness culture among KMBL staff.
- Develop training material & conduct corporate wide information security awareness campaigns & trainings.
6. Additional Tasks
- Complete other tasks and one-off projects as and when assigned by Manager Information Security.
What will you need
- BS/MS in Computer Science or Information security from an HEC recognized / overseas University.
- Certification in Networks, Datacenter technologies, IS Audit, IT Security Management, specially CEH, CPTP, ISO27001 LI would be an added advantage.
- preferably 2 years of Networks, Datacenter or IT security related experience.
Technical Risk Assessment, Information Security Awareness, IT Audit, Security Control, Cyber Security,