A renowned international bank is looking for an IT Security Manager to oversee all aspects of information, data and network security. The role also includes regulatory compliance, proper application of policies, and review of day-to-day IT operational activities and related risks. His primary responsibility is to perform the first level of control and to audit that the security systems and appliances deployed comply with the standard policies defined by the institution. Proper control of the procedures and policies formalized by the enterprise should also be taken into consideration. It is also his responsibility to follow up on the recommendations given by the various controls and auditors with all domain managers and team members.

This would include anything from the initial security review, defining the IT security design and framework, and verifying the efficiency of security appliances, to controlling the activities of the various domains that have access to the bank's information and data (physical, logical and electronic). He will also be responsible for the implementation and application of policies and procedures, administration of log backups, ensuring that the BCP is aligned with the infrastructure, and monitoring of security and logs for the various applications used by the bank.

The basic list below has been prepared to assist the institution in implementing regular controls concerning information security and the risk matrix. Control is not limited to the checklist: any process or activity that affects information security and risk must also be taken into scope. It is just a roadmap to help the organization; actual delivery depends on time, situation and the current information security policies, their perimeter and scope as developed, approved and deployed by the bank.

  1. Follow-up and ensure the application of the information system security policy.
  2. Analyze, process, and prevent risks, dysfunctions, and security threats.
  3. Implement the appropriate security methods and tools and follow their implementation.
  4. Enforce norms and safety standards.
  5. Regularly audit and control the security system.
  6. Design and manage procedures to protect against intrusion or disaster.
  7. Advise the management on IT security.
  8. Prepare a dedicated budget for IT security.
  9. Participate in raising employee awareness of security and confidentiality issues.
  10. Maintain constant technological watch.
  11. Review the housekeeping of all the information and related resources.
  12. Review the Disaster recovery and Business continuity planning.
  13. Monitoring of System, application, network and security logs.
  14. Monitoring of unauthorized access of any application or software of the bank.
  15. Supervision of the electronic documents kept on the server.
  16. Guidelines to end users about threats and security.
  17. Require end users to keep control of their access keys (user ID, password, etc.) and to change them periodically for all applications and devices.
  18. Prepare the guidelines for different departments to implement various types of security control on the system, database and applications.
  19. Verification of required system and application policies and services.
  20. Backup Register Verification
  21. BCP review and debate with various stakeholders.
  22. Incident Reporting and call management
  23. Review of System and application health register
  24. Review of service reporting system
  25. Verification of physical access register
  26. Control check for audit remarks
  27. Verification of risk register and capacity management register
  28. Verification of configuration management register
  29. Regular Control on domain activity
  30. Applications log verification
  31. Miscellaneous

The minimum qualification is a graduate degree in IT or Computer Science, with at least 5 years of working experience in the IT security technical domain.

With the rise in prominence of the sector, and the emergence of specifically related degrees like IT audit and risk compliances based on certain frameworks like ISO 31000, COBIT, Risk IT and Val IT, CCNA, CCNP

The following education and training can be referred to:

  • Information Security assessment.
  • Strong background in network configuration, review and analysis.
  • Social and Network engineering.
  • Human behavior and Trend analysis.
  • Good experience with various systems like Windows, Linux and Unix.
  • Good knowledge of Oracle Database, Vault and Firewall.
  • Understanding of Cloud infrastructure security and management.
  • Understanding of regulatory guidelines.

Technical Skills

01.  Advanced knowledge of issues and methodologies linked to security.

02.  Deep knowledge of risk assessment and control tools, vulnerability audits and penetration testing tools (Metasploit, Rapid7); experience in penetration testing would be highly appreciated.

03.  Excellent knowledge of IT security within a corporate network.

04.  Mastering systems infrastructure, security, and administration in Linux and Windows environment, mail systems (Exchange), PKI

05.  Good knowledge in networks infrastructure and security: 802.1x, Cisco security technologies – a CCNA/CCNP is highly desired.

06.  Mastering databases architecture and security: Oracle, SQL Server, Access.

07.  Mastering security standard, procedures, and related tools and technology: monitoring systems, alerts, automation (SCCM).

08.  Mastery of Web and Mobile security, with good skills to perform various types of tests and reviews.

Proficient in various types of security appliances and protocols i.e. CISO, Fortinet, SonicWALL, TCP/IP and IPSec

Other Skills

An ITSM needs to have:

  • A keen interest in Information and data Security;
  • Attention to detail, analytical abilities and the ability to recognize trends in data;
  • Creativity and patience;
  • Logic and objectivity;
  • An inquisitive nature;
  • A proactive approach with the confidence to make decisions;
  • A methodical and well organized approach to work;
  • Ability to work under pressure and meet deadlines;
  • Communication skills and the ability to adapt communication styles to suit different recipients of information;
  • Understanding of confidentiality issues, and the law relating to them.

Effective communication of user awareness matters and resolutions

Job Details

Functional Area:
Total Positions:
1 Post
Job Shift:
First Shift (Day)
Job Type:
Department:
IT
Gender:
No Preference
Minimum Education:
Bachelors
Degree Title:
The minimum qualification should be graduate in IT or Computer
Career Level:
Experienced Professional
Experience:
5 Years - 8 Years (having at least 5 years of working experiences in IT security technical domain.)
Apply Before:
Oct 10, 2022
Posting Date:
Sep 09, 2022

ROZEE.PK

Recruitment / Employment Firms · 101-200 employees - Islamabad, Karachi, Lahore, Rawalpindi

Rozee is Pakistan's # 1 online job site which connects talent with opportunity. Rozee provides services to job seekers and employers by providing them one platform for job searching and hiring, respectively. As Pakistan’s largest online recruitment platform, it is used by over 100,000 employers and 9.5 million professionals. Since its inception, Rozee’s platform has facilitated over 1 million job placements and has the largest database of searchable CV’s in Pakistan.
