Information Security Analyst
On-site Cairo, Cairo Governorate, Egypt 0036
Description
1. Follow the security risk assessment methodology to assess the different business initiatives and projects.
2. Perform security risk assessments to align with the bank’s security policies and guidelines.
3. Validate and review the business requirements and ensure the relevant security measures are catered for throughout the different phases of the software development and acquisition lifecycle and the demand management process including security design assessments.
4. Coordinate with the relevant IT and Business teams to ensure the proper management of test data during development and test phases.
5. Assist in updating the different Security KRIs and RCSA exercise to maintain a repository of the identified risks and develop an action plan to mitigate those risks.
6. Maintain the security risk log and file the necessary risk acceptances or corrective action plans, presenting the highlighted risks in a clear manner and proposing the relevant controls accordingly.
7. Participate in the bank-wide risk assessment and business impact analysis exercise to prioritize and classify critical business processes and supporting infrastructure from availability, confidentiality and integrity point of view.
8. Conduct security risk assessment for the identified vulnerabilities/issues resulting from the Vulnerability and Patch Management program or the different security third party/internal tests and scans to assess the severity of the security vulnerabilities, according to other temporal and environmental metrics.
9. Liaise with IT Security and Identity & Access Management teams to ensure the proper enforcement of the security policies and effective utilization of the security controls in alignment with business/security strategy and requirements.
10. Support the implementation of the strategic security projects to ensure proper alignment with the set security strategy and roadmap.
11. Research the latest information security trends and threats and continuously adapt to catch with the latest cyber-attacks and techniques.
12. Support the different security assessment exercises and ensure the effective implementation of the action plan with the relevant stakeholders.
13. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
14. Follow the day-to-day operations related to own jobs in the Information Security Management department to ensure continuity of work.
Requirements
§ Bachelor’s degree of Engineering, Computer Science or equivalent
§ Minimum 2 - 4 years of work experience in Information Security, IT Security or IT Audit
§ Good knowledge about ISMS implementation and Security Risk assessments
§ Recommended Certifications
o CISSP
Skills:
§ Good command of English and Arabic languages
§ Good Time Management and Analytical skills
§ Good communication skills
