Purpose of the Role:
The Manager, Information Security Incident & Problem Management manages the Bank’s Information Security Incident and Problem Management practice, managing incidents or problems observed in accordance with the established procedures and playbooks. The incumbent participates in activities related to pre-emptive data breach response(s); analytics and reporting for litigation, data breaches, and regulatory response(s); and workplace and employment issues, including theft of trade secrets, by collating, correlating and analysing relevant data from various sources. The Manager provides feedback to senior management to assist in the development and support of sound security strategies, ensuring the reliable implementation of consistent and secure control processes to protect the Bank’s information and data resources.
Key Accountabilities:
- Embeds the Bank’s information security incident and problem management processes within the Bank, working collaboratively with the Manager in Technology who is responsible for incident management. Ensures that the processes are current and consistent with the international industry practices. Provides awareness sessions and job aids to the respective stakeholders. Monitors the implementation of the associated policies, standards and processes.
- Working collaboratively with stakeholders responsible for incident management across the Bank, leads activities related to data breach response and pre-emptive cybersecurity. Coordinates efforts among multiple business units during response efforts, to ensure breaches are contained, the Bank’s information assets are protected, and regulatory compliance is maintained.
- Maintains (collects, catalogues and stores, etc.) relevant breach evidence in accordance with established protocols and good practice.
- Responsible for the implementation and ongoing maintenance of all security monitoring and compliance tools. This may involve updating databases, writing / updating procedures, checking understanding and adherence, implementing various tools, working with vendors, and project management activities.
- Responsible for network monitoring and intrusion detection analysis using various computer network defence (CND) tools, such as intrusion detection / prevention systems (IDS / IPS), firewalls, host-based security system (HBSS), data loss prevention (DLP), etc. to ensure the protection of the Bank’s information assets. Correlates network activity across networks to identify trends of unauthorized use, via logging and SIEM implementation.
- Reviews alerts and data from sensors and documents formal, technical incident reports. Responds to computer security incidents and problems according to the information security incident response process. Provides oversight for investigations related to information security (network breaches / unauthorized data access, etc.), escalates in accordance with established processes and provides recommendations for control improvements. Provides guidance to first responders for handling information security incidents.
- Ensures that the Bank’s cybersecurity playbook (an automated guide for delivering a response to a cybersecurity event, which can be deployed, and act across the entire network to respond automatically to meet and stop cybersecurity threats) is current, fit for purpose and regularly exercised. Leads the maintenance (updating documentation and awareness training as required) of the cybersecurity playbook, based on research of the industry and associated gap analysis. Plans and manages the execution of tabletop exercises for all applicable high and medium risk threats identified in the playbook.
- Researches emerging threats and vulnerabilities to aid in the identification of network incidents, analyses potential impacts of new threats and communicates risks and mitigating actions to relevant business units. Works with respective Technology teams to ensure all vulnerabilities identified are mitigated or risk accepted in accordance with Operational Risk Management policies.
- Compiles and analyses data for management reporting and metrics.
- Keeps abreast of financial industry regulations and practices related to network security and cyber incidents across the region. Completes gap analyses of current policies, standards and provides recommendations to senior management to ensure that the Bank remains in compliance. Defines enhancements to current policies and standards to close any identified gaps.
- Works collaboratively with third party service providers of information security services to the Bank to ensure compliance with contract terms, service level agreements (SLAs) and regulatory requirements.
- Participates in the audit and compliance reviews and works with the stakeholders to close the audit and compliance deficiencies identified.
Critical Knowledge & Skills Required:
- Information security technologies – excellent and current knowledge of technologies and technology-based solutions dealing with information / cyber security incidents.
- Good understanding of information security incident response practices, computer forensics, current cybersecurity threats to the financial services
- Decision-making and critical thinking – good knowledge of tools and techniques for effective use of a broad range of factors, assumptions, frameworks and perspectives when solving problems.
- Current understanding of IT security best practices
- Knowledge of NIST, Centre for Internet Security (CIS) and IT Controls.
- Good analytical skills
- Influencing skills
- Able to understand and analyse technology, and risk management principles
- Effective written and verbal communication skills:
- able to conduct presentations and facilitate group meetings
- effectively communicate with technical and non-technical resources
- communicate complex and technical issues to diverse audiences
- ability to tailor communication style to audience at hand
- Good organisational skills and good time management
- People management skills
- Ability to perform independent analysis of problems and distil relevant findings and root causes
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders
- Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- Ability to compile and analyse data for management reporting and metrics
- Understanding of organisational mission, values, and goals and consistent application of this knowledge
- Ability to react to high pressure dynamic changing environments while maintaining a professional image and approach
Experience Required:
- Undergraduate or post graduate degree in Computer Science, Information Security, or a related field and one or more of the following or related professional certifications:
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- At least three years’ experience in information security, with at least one year’s information security incident & problem management
- At least three years’ experience in another IT function, especially IT audit
- At least two years’ experience with regulatory compliance and information security management frameworks, e.g., ISO 27000, COBIT, National Institute of Standards and Technology (NIST), etc.
- Practical experience with security incident management tools
Or
- At least five years’ experience in information security or IT audit and one or more of the following or related professional certifications:
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- At least one year’s experience in information security incident & problem management
- At least two years’ experience with regulatory compliance and information security management frameworks, e.g., ISO 27000, COBIT, NIST, etc.
- Practical experience with security incident management tools.
JOB SNAPSHOT:
Position reports to: Associate Director, Information Security & Cybersecurity Management
Function: Information Security & Cyber Risk Management
Category: Information Security Mgmt
Expiry Date: 14-5-2025