ITCISO08 - Security Assessment Services
We are looking for qualified Security Assessment Services personnel for the Information Security Organisation to implement and maintain our security systems.
Job Descriptions:
- Identifying and measuring the security risk to the Bank's information assets and information processing facilities.
- Designing and managing a comprehensive testing program embedded into the Systems/Software Development Life Cycle (SDLC) that evaluates security vulnerabilities during code development and in primary dependent systems.
- Managing and implementing penetration testing to evaluate the security controls and vulnerabilities in the system.
- Evaluating and creating reports on SDLC output (Penetration Testing and Vulnerability Assessment).
- Managing and coordinating the activities of 3rd parties who are providing security capabilities.
- Performing 3rd party information risk assessments as necessary.
- Creating a risk log from risk assessment results for the risk register.
Requirements:
- Minimum 5 years' experience in security assessment & reviews in global financial organizations
- Strong working knowledge of penetration testing, vulnerability assessment, and source code review
- Experience with secure SDLC
- Experience with Vendor Assessment
- Expert knowledge of IT security technology (e.g., firewall, IPS, key management, antivirus, patch management, end point protection)
- Strong working knowledge of industry frameworks (e.g., ISO 27002, NIST Cyber Security Framework, OWASP)
- Preferred: CSX Fundamentals, COBIT 5, ITIL Fundamental, ISO 27001 LA/LI, ISO 9000 Quality Management System, TOGAF 9.1, Systems Security Certified Practitioner (SSCP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH)
- Ability to interact with senior executives
- Excellent written / verbal communication skills
- Minimum S1 with relevant background