The primary responsibility of this position is to monitor security threats and breaches affecting applications, identify weaknesses and analyse security risks in both in-house and off-the-shelf applications, and ensure that any software developed or acquired meets the bank's security standards.
The role also enforces security policies and procedures and manages the bank's IT security programme in order to reduce the risk to the confidentiality, integrity and availability of the bank's electronic information assets.
- Supports the Head of Information Security in the development, implementation, operation and maintenance of information security and application security policies and procedures.
- Supports the Head of Information Security in performing technology risk assessments and risk management reviews (identifying, describing, estimating and analysing risks) across all technology domains, products and functions, and ensures these are performed efficiently and effectively.
- Performs static/dynamic code testing, manual code inspection, threat modelling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
- Participates actively in product design meetings providing insight and direction related to application security risks.
- Contributes to the Software Development Life Cycle (SDLC) Standard and other documents to enforce high security standards and compliance with regulatory requirements and industry best practices for application security.
- Develops, maintains, and follows all Information Security procedures to support SDLC Standard.
- Works in tandem with architects, the security operations centre (SOC), incident responders (when anomalous activity or host compromise occurs), and technology infrastructure and development team members.
- Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
- Develops and implements manual and automated web application security testing of e-commerce web applications to enforce security standards.
- Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proofs of concept and pilot installations.
- Ensures information security risk assessments are performed and that controls are developed to mitigate the risks identified.
- Initiates, facilitates and promotes activities that create information security awareness throughout the organization.
- Identifies legal, regulatory and contractual requirements and organizational policies and standards related to information systems, and determines their potential impact on business objectives.
- Analyses automated and manual processes to identify the information systems controls required.
- Assesses and recommends tools to automate information systems control processes.
- Determines the approach to correcting information systems control deficiencies and maturity gaps, so that deficiencies are appropriately considered and remediated.
- Provides information systems control status reporting to the line manager and relevant stakeholders.