Assistant Manager, Security Operations

Job Purpose

Ensuring IT systems and applications within our organization meet the needs of the business while adhering to security best-practices, compliance and regulatory requirements.

To work as part of an ongoing programme to improve the Information Security management and technical controls.

To maintain of the existing information security operational tasks and the continued development of new security processes.

Protect the bank's critical assets against any kind of threat and establishing security measures around key assets of an organization

Strengthen the castle walls to prevent intruder to compromise the defenses

Support investigations and incident management to aid the speedy resolution and mitigation of the cyber risk

Provide coordination with operational team to response in security threats & re-act to protect bank assets

Possess strong interpersonal and communication skills, and be able to work with a wide variety of people.

Key Responsibilities

IT Security

Develop a complete understanding of a company's technology and information systems.

Align organizational security strategy and infrastructure with overall business and technology strategy

Perform or supervise vulnerability testing, risk analyses and security assessments

Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers

Respond immediately to security-related incidents and provide thorough remedial solutions and analysis

Identify security threats and risks in the operating environment, and in cooperation with the other teams, analyzes the network environment and its current state of security readiness

Review risk assessment undertaken by the first line of defense to adhere to the company's risk control over IT vendor/ partner

SecOps

Responsible for security information and event management (SIEM), incident tracking, and threat intelligent

Responsible for security operation automation using SOAR (Security Orchestration, Automation, and Response) for detecting vulnerability, threats and response automatically.

Constantly monitoring for attacks and intrusions.

Analysis our current security measures to detect potential threats, recommending enhancements, identifying areas of weakness, and responding promptly to possible security breaches.

Write/configure neccessary scripts/ rules for vulnerability/ threats analysis and detection

Regularly communicate vital information, security needs and priorities to upper management

Support to prepare management updates on security risks, compliance to relevant local and group stakeholders.

Looking for vulnerabilities and risks in hardware and software. Work closely with stakeholders to mitigate and fix within SLA.

Respond to and investigate cybersecurity incidents

Investigate security breaches and other cyber security incidents. Document security breaches and assess the damage they cause.

Analyze system logs, define attacking methods, collect attacker's traces and start searching for suspect.

Other tasks assigned by line manager.

Job Specification

Bachelor's degree in Computer Science, Network Engineer, Cyber Security, Information Technology or a related technical field.

Certification in such as CEH/CISSP/BlueTeam is the plus.

Minimum 3 years working experience in

Experience in similar position in bankes/ Financial service company.

Technical/Functional skills

Proficient in Incident Management and Response

Have knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.

Familiar with regulatory guidelines such as SBV's Circular 18, Cir 35, 47.

Familiar with security solution such as SIEM, SOAR

Knowledge of information security controls, guidelines and standards, ISO, CIS, NIST, OWASP is the plus.

Familiar/ Experience in penetration testing.

Personal skills (Soft Competencies [Core/Leadership])

Delivers Result

Builds Relationships

Security mindsetl

Inquisitive approach and Inquisitive approach and attention to detail attention to detail

Good command of English