INFORMATION SECURITY ANALYST

Job Description

JOB PURPOSE: To support the Information Security Analysis area to implement and follow the developed security risk assessment framework and methodology. Thi s is achieved through conducting security risk assessments for the different business initiatives and projects by evaluating the threats and vulnerabilities, the level of current and residual risks against the set of security policies and guidelines to identify gaps and set the necessary security requirements and controls across different practices within the organization. Ensure the security requirements and measures are considered throughout the secure software development and acquisition life cycle of the different IT/Business Projects’ implementations, including the necessary security design assessments. KEY ACCOUNTABILITIES 1. Follow the security risk assessment methodology to assess the different business initiatives and projects. 2. Perform security risk assessments to align with the bank’s security policies and guidelines. 3. Validate and review the business requirements and ensure the relevant security measures are catered for throughout the different phases of the software development and acquisition lifecycle and the demand management process including security design assessments. 4. Coordinate with the relevant IT and Business teams to ensure the proper management of test data during development and test phases. 5. Assist in updating the different Security KRIs and RCSA exercise to maintain a repository of the identified risks and develop an action plan to mitigate those risks. 6. Maintain the security risk log and file the necessary risk acceptances or corrective action plans, presenting the highlighted risks in a clear manner and proposing the relevant controls accordingly. 7. Participate in the bank-wide risk assessment and business impact analysis exercise to prioritize and classify critical business processes and supporting infrastructure from availability, confidentiality and integrity point of view. 8. Conduct security risk assessment for the identified vulnerabilities/issues resulting from the Vulnerability and Patch Management program or the different security third party/internal tests and scans to assess the severity of the security vulnerabilities, according to other temporal and environmental metrics. 9. Liaise with IT Security and Identity & Access Management teams to ensure the proper enforcement of the security policies and effective utilization of the security controls in alignment with business/security strategy and requirements. 10. Support the implementation of the strategic security projects to ensure proper alignment with the set security strategy and roadmap. 11. Research the latest information security trends and threats and continuously adapt to catch with the latest cyber-attacks and techniques. Support the different security assessment exercises and ensure the effective implementation of the action plan with the relevant stakeholders. Qualifications & Experience § Bachelor’s degree of Engineering, Computer Science or equivalent § Minimum 2 - 4 years of work experience in Information Security, IT Security or IT Audit § Good knowledge about ISMS implementation and Security Risk assessments § Recommended Certifications o CISSP Skills § Good command of English and Arabic languages § Good Time Management and Analytical skills Good communication skills