Position Name: IT SecurityVice President for a leading Bank
Qualification: Bachelor / Master's Degree in IT
Experience: 12+ Years
Job Objective:
- The IT Security Vice president is responsible for establishing and maintaining a corporate wide information security management and IT Security management program to ensure that IT assets are adequately protected.
- Identifying, evaluating, and reporting on IT security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company.
- Instil the duty to protect the systems and the data of the customers and employees.
Experiences
- Experience in IT Network security, application security, Antivirus measures and other security areas is a must with a Bachelors Degree in computer science, engineering, or a related field; (post graduate degree preferred).
- Minimum 12+ years’ experience in information technology of which majority in information security and cyber security operations management experience. At least 5+ years of experience in the leadership role, which includes providing forward looking vision, managing security experts, mentoring, meeting business goals as a leader.
- Certifications in CISSP, CCSP, CISA, CISM, CCIE are highly desirable. In-depth knowledge on Kali Linux/ ParrotOS is valuable. Strong Skills in Cisco Routing, Switching; Proficient Fortinet, Cisco ASA, Radware load Balancer, Aruba wireless, Nexus 9K.MPLS & IPSEC, strong knowledge of LAN and WAN.Experience in enterprise networks security.
- Strong knowledge on OWASP application attacks, Strong knowledge of networks, operating systems, cryptography, preventive, detective and offensive security solutions. Detailed understanding of APT, Cyber Crime, Dark web and associated tactics, Fundamental knowledge of web applications protocols.
- Experience with multi-factor authentication, intrusion detection, and managing threat intelligence.
- Industry knowledge of border testing, security policies, DR procedures & policies, remediation strategies and risk assessment are required and Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection. Moreover, Strong knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations.
- In depth relevant experience, including but not limited to firewall, intrusion detection, cyber-attack tools and defences, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, multi factor authentication.
- Knowledge of security, risk and control frameworks and standards; all necessary certifications.
Roles and Responsibilities:
- Manage IT Security Operations budget and resources and participate in IT planning and project management.Strengthen and formalize security processes both within the security team and with other supporting resources.
- Oversee and manage security projects including design, implementation, and integration of new or upgraded technologies.Manage industry best practice guidance and security hardening guidelines for company.
- Manage the Identity and Access Management (IAM) Program.
- Managing all internal and external security compliance engagement activities.
- Managing, documenting, and communicating compliance requirements, timelines, and road map to supporting teams and leadership.
- Leads the effort to develop, enhance and implement security training program based on policies.
- Communicating the compliance posture and effectiveness to management on a scheduled basis.
- Developing and working with supporting teams to design and implement an automated control strategy and exception reporting process.
- Safeguards information system assets by identifying and solving potential and actual security problems.
- Protects system by defining access privileges, control structures, and resources.
- Recognizes problems by identifying abnormalities; reporting violations.
- Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Keeps users informed by preparing performance reports; communicating system status.
- Maintains quality service by following organization standards.
- Maintains technical knowledge by attending educational workshops; reviewing publications.
- Hands-on experience analysing high volumes of logs, network data and other attack artefacts.
- Experience with vulnerability scanning solutions.
- Proficiency with antivirus and security software.