Information Security Officer Business Analysis/PM
The Information Security Officer (ISO) will be responsible for the development and execution of an annual, written, risk-based Information Security Program, as well as running the training and induction on security for new joiners. The Information Security Officer will report directly to the Head of Technology and the outsourced security team.
Area of Responsibility
Responsible for driving and liaising with the parent Bank and ensuring implementation of group-wide information security initiatives.
Job Requirements/Specification
- Promote and enforce this Information Security Program
- Promote user awareness initiatives amongst employees and managers towards information security
- Conduct gap analysis vis-à-vis the applicable regulatory/statutory requirements related to information security and ensure implementation of adequate controls. Also, ensure all observations pertaining to information security assessments (internal/external) are tracked and complied with.
- Ensure all IT assets including servers/applications/end user machines undergo hardening and vulnerability assessments as per the guidelines laid down. Also, ensure that the hardening baselines are maintained.
- Ensure all internet-facing websites are subject to penetration testing on an annual basis and are enrolled for ongoing cloud-based vulnerability scanning.
- Ensure that any exercise which could have an impact on the common IT infrastructure used by the Group, or which involves granting external agencies access to the data centre systems or infrastructure, is not undertaken without prior approval from the Information Security Committee of the parent Bank
- Liaise with the parent Bank and ensure implementation of group-wide information security initiatives
- Conduct investigations of information security incidents that occur at the Bank, including implementation of necessary corrective and preventive controls. This may entail co-ordination with the Security Operation Center (SoC) of the parent Bank
- Ensure the Information Security Committee (ISC) meetings are conducted at the Bank as per the terms of reference; and the proceedings are reported to the Information Security Committee of the parent Bank at its subsequent meeting
- Liaise with local forums and/or authorities to formally keep abreast of information security issues and advancements
Good knowledge and understanding of critical core banking IT systems & processes
Hands-on experience in project management and Information Security
Huntress does not discriminate on the grounds of 'protected characteristics' as defined under the Equality Act and other relevant UK legislation.
Huntress acts as a Recruitment Agency in relation to all Permanent roles and as a Recruitment Business in relation to all Temporary roles.
PLEASE NOTE: We can only consider applications from candidates who have the right to work in the UK.