About The Role :
This role will arranging and implementing all IT governance rules in accordance with the scope and time period while managing IT security aspects which include monitoring and handling cyber security threats to the Bank as part of the cyber security and resilience strategy that has been established by Bank Management, and also manage the Identity Access Management System.
What You Will Do ;
- Representing IT in audit processes related to aspects of information security, disaster recovery, and risk management.
- Ensuring that governance principles are implemented in the Bank's daily processes and in accordance with applicable compliance regulations, as part of fulfilling the cyber security and resilience strategy set by Bank Management
- Implementing information security controls and risk mitigation controls to improve the Bank's security posture in accordance with the cyber security and resilience strategy established by Bank Management. In this case, this role will also be responsible for ensuring the effectiveness of controls and processes towards the Bank's compliance provisions through appropriate communication, routine practice checks, and continuous quality improvement of processes.
- Responsible for ensuring that the access management process at the Bank is implemented in accordance with applicable governance and compliance provisions. This includes identity and access management (access requests, assessing user access needs, determining privileged access needs, as well as reviewing audit process needs).
- Carrying out periodic reviews of user access rights which include aspects of the user access matrix, account provisioning and account de-provisioning for all application systems within the Bank in accordance with identity and access management procedures.
- Solving problems (troubleshooting) related to issues involving technology or information security controls including aspects of access management, endpoint security, infrastructure security, data security and cyber security threats.
- Assisting the change management process regarding security aspects which may include access requirements or security control configuration changes. In this regard, will also be responsible for assisting related parties in providing consultation on the best approach to implementing security technology controls and integrating them into the Bank's systems and applications.
- Providing consultations regarding information security aspects which include managing access management, endpoint security, infrastructure security, data security and cyber security threats.
- Reviewing the performance of the Bank's security system including fine tuning activities, housekeeping, and scheduled security configuration updates.
What You Need to Have :
- Min. Bachelor Degree in Computer Science or related fields
- Min. 5 years experience in Banking/Fintech industry
- An understanding of risk management and IT Governance.
- Experienced in implementing governance frameworks and standards for the banking industry such as COBIT, ITIL/ITSM, or ISO 27001.
- Experienced in IT audit processes that touch on information security, data privacy, risk management, or due diligence practices.
- Knowledge of ISO 27001, NIST, COBIT, and ITIL/ITSM.
- Knowledge of Information & Network Security, and IT Security Architecture
- Knowledge of OWASP Top 10, CWE/SANS Top 25, CIS CSC.
- Experienced in conducting security assessments which can include vulnerability assessments, penetration testing, or security hardening.
- Security technology comprehension that includes firewall, Anti-DDOS, WAF, SIEM, EDR, NDR, IAM, PAM, and DLP.
- Knowledge of IT-related business processes including managed services and cloud services, relating to project aspects, delivery support, infrastructure and software development.
