Purpose of Role:
The Senior Analyst, Cloud Security supports the advisory and monitoring services that enable the achievement of the Bank’s information security policy for initiatives, as the Bank moves to the cloud. Security objectives include integrity, confidentiality / privacy, availability, and continuity. The incumbent supports the provision of cloud security consulting services to business units, ensuring the reliable implementation of consistent and secure control processes to protect the Bank’s information and data resources.
Key Accountabilities:
- Supports the Bank’s cloud security programme implementation activities, completing the required security reviews and assessments as necessary to ensure that the Bank’s move to the cloud is completed securely while keeping the information security risk at an acceptable level.
- Assists with the remediation of vulnerabilities identified, determining root cause and associated remediation actions, and undertaking business unit investigations to ensure vulnerabilities are mitigated, or risks are accepted in accordance with Operational Risk Management policies and unit issues are resolved through suitable recommendations.
- Supports the completion of risk assessments, gap analyses of current policies and standards, making recommendations to remediate risks and gaps identified to ensure that the Bank’s cloud security practice(s) are aligned to best practice and compliant with recognised standards.
- Supports audit and compliance reviews related to application and cloud security, providing requested information, and assisting with the closure of audit and compliance deficiencies to ensure closure of any deficiencies / gaps identified and mitigating actions are implemented to ensure the Bank and its applications are protected.
- Produces reports on data to support the unit’s KPI and KRI, collating data, undertaking initial analysis, and making suggestions on improvements for review and approval to enable cloud security reporting to management and the board.
- Collects and evaluates information required to investigate and remediate alerts received (from the onsite security tools and third-party providers of information security services), e.g. cloud security tools, network security tools, and data protection tools, to enable further analysis of alerts, implications, and corrective measures, and to ensure that the Bank’s assets are protected and any breaches are speedily detected and contained.
- Keeps abreast of financial industry regulations and practices related to network security and cyber incidents across the region, to support research of emerging threats and vulnerabilities and to ensure gaps are identified and mitigating actions implemented so that the Bank is / remains protected.
Critical Experience & Knowledge Required:
- At least two years’ experience in information security and primarily IT Risk Management
- At least one year’s experience in another IT function, especially IT audit
- At least one year’s experience with regulatory compliance and information security management frameworks, e.g., ISO 27000, COBIT, National Institute of Science and Technology (NIST), etc.
- Practical experience with cloud and application security
- Knowledge of one or more of the following: Google Cloud Platform, Azure, Amazon Web Services, Cloud Foundry, or other cloud technologies would be an asset.
- Current knowledge of information security technologies and technology-based solutions dealing with information security issues
- Understanding of current and emerging technologies and their security implications, e.g. Cloud, Agile and DevOps
- Knowledge of information security risk management, e.g. processes, tools, techniques, and practices for assuring adherence to standards associated with accessing, altering, and protecting organisational data.
- Knowledge of frameworks from National Institute of Science & Technology (NIST), Centre for Internet Security (CIS) and IT Controls.
- Undergraduate degree in Computer Science, Information Security, or a related field and one or more of the following or related professional certifications:
  - Certified Cloud Security Professional (CCSP)
  - Certificate of Cloud Security Knowledge (CCSK)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
JOB SNAPSHOT:
Category: Technology
Function: Technology
Position reports to: Senior Manager, Cloud Security
Expiry Date: 5-12-2025