Information Systems Security Analyst

Information System Security Analyst

Applications are invited from suitably qualified professionals to resource the position of Information Systems Security Analyst, Information Systems Department, Information Technology and Records Management Division.

Reporting to the Information Systems Security Officer, Information Systems Department, the successful candidate will be responsible for:

1. Participating in the development, review and implementation of Information Systems policies, procedures and standards to safeguard the Bank’s application software, data and databases from unauthorized access, modification, destruction and/or disclosure.
2. Participating in the implementation and enforcement of corrective actions aimed at managing information security breaches, threats and vulnerabilities identified through information security reviews.
3. Assisting with the implementation of appropriate controls to reduce information security risks to an acceptable level, avoid or transfer risks affecting information systems, system components and/or services based on risk treatment decisions.
4. Participating in conducting risk assessment involving external audit firms conducting penetration and vulnerability assessments of the Bank’s information technology network.
5. Assisting with ensuring that secure areas such as the Bank’s server room are protected by appropriate entry controls to ensure that only authorized personnel are allowed access through the implementation and monitoring of an access register.
6. Assisting with the prevention of system security failures in the Bank’s IT infrastructure by ensuring the implementation and adherence to formal change management control procedures for all changes to equipment, software and application systems.
7. Granting users access to applications, file shares and other IT resources based on job function and in accordance with the information technology policies of the Bank.
8. Issuing, renewing and revoking digital certificates for secure access by users of application systems on a timely basis.
9. Assisting with the resetting, configuring, deleting and re-configuring of eTokens to allow internal and external users access to sensitive real-time application systems.
10. Assisting with the administration of the Bank’s Public Key Infrastructure by managing the availability and use of digital certificates in the operational environment.
11. Preparing risk assessment reports based on periodic tests of Bank’s network, systems, applications and processes, to verify the safety of the Bank’s application software, data and databases from unauthorized access, modification, destruction and/or disclosure. 
12. Investigating, analyzing and reporting on system incidents; outlining the root cause, corrective actions, preventive measures and recommend improvements to the Bank’s information systems security architecture.
13. Assisting with conducting quality assurance tests and reviews on systems in development to ensure that Bank’s information systems security standards are adhered to.
14. Performing periodic assessments on internetworking devices to ensure that these devices are securely configured.
15. Assisting with the development of material to support the Bank’s information systems security awareness program.
16. Keeping abreast of incident resolution techniques to ensure thorough understanding, proper analysis and reporting in order to prevent re-occurrences.
17. Assisting with developing the Bank’s Information System Business Continuity and disaster recovery programmes through the Identification, development, documentation, and testing of procedures to ensure continuity of operations in the event of accident, disaster, emergency, and/or threat.
18. Preparing reports based on routine and ad-hoc reviews of systems configurations and logs to ensure compliance with the Bank’s Information Systems policies and procedures and devise plans for appropriate resolution.
19. Providing technical support to resolve information systems security problems encountered by users.
20. Conducting visits to the Bank’s Off-Site facilities inclusive of the Alternate Site & Off-Site Tape Storage Facility as necessary.

QUALIFICATION AND EXPERIENCE

• A Master's degree in Computer Science or other related disciplines with a minimum of three (3) years experience in Security Incident and Event Monitoring, Data Loss Prevention, and Vulnerability Scanning.

OR

• A Bachelor’s degree in Computer Science or other related disciplines with a minimum of five (5) years experience in Security Incident and Event Monitoring, Data Loss Prevention, and Vulnerability Scanning.
• Certification in CISA and/or CISSP would be an asset.

SPECIFIC KNOWLEDGE AND SKILLS REQUIRED

• Sound knowledge of the Bank’s operations, policies and procedures with regard to the information systems infrastructure.
• Excellent knowledge of the Bank’s IS Security policies and procedures, data security standards and networking security standards.
• Sound understanding of the Electronic Transactions Act 2006 and Cybercrimes Act 2010.
• Experience with Risk Assessment Methods, Penetration Testing, and Application Security.
• Working technical knowledge of Email and Web Filtering.
• Strong understanding of IP, TCP/IP, and other network administration protocols.
• Strong understanding of Windows, Linux, and OS400 operating systems.
• Sound knowledge of the COBIT IT Governance and ITIL IT Service Management frameworks.
• Experienced in IT Management best practice including Problem, Incident and Change Management.
• Sound knowledge of best practice and certification standards for information security to include ISO 17799/27001.
• Sound knowledge of information systems security and assurance technologies to include antivirus, DLP, IPS and encryption technologies.
• Knowledge of standards and procedures in the development and implementation of information systems.
• Ability to conduct research and troubleshoot information security issues and products as required.
• Demonstrate proven analytical and problem-solving abilities.
• Excellent interpersonal and communication skills.

SPECIAL CONDITIONS ASSOCIATED WITH THE JOB

• Generally agreeable
• Modern office environment
• Occasionally required to work extended hours

Interested persons who meet the above requirements should complete the application form with cover letter and full resume no later than Friday, 13 October 2023.