بنك الرياض يعلن عن وظيفة أخصائي أمن المعلومات والسيبراني في الرياض

Job Purpose / Role:

To establish, manage and enforce system access controls and security systems to protect the bank’s Information Technology assets. To participate in the identification, tracking, and monitoring of information security threats and service operations. To perform bank-wide asset risk assessment(s) and monitor risk across Riyad Bank.

Areas Of Responsibility:

• Policies, Processes & Procedures

Follows all relevant departmental policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.

• Day- to-day operations

Follows the day-to-day operations related to own job to ensure continuity of work.

• Cyber & Information Security

Analyses the new and existing BT systems and applications in order to identify compliance with the security policies and proposes solutions to overcome any potential discrepancy.

Identifies processes, tools and techniques that can enhance the protection of the Bank from potential breaches and provides guidance in the area of forensics, so as to shield the operations of the bank against potential threats.

Monitors and support the accurate implementation of security systems and tools for the compliance of security operations with the security policies and standards.

Develops analytical reports regarding the compliance of the security operations with standards, so as to inform accordingly the management.

Performs security enforcement reviews of the systems in the Bank and the new systems being implemented.

Identifies processes, tools and techniques for enhancing the security controls in information systems in the Bank.

Documents security enforcement rules across all layers of IT architecture (apps, database, systems, infrastructure, end point devices) based on the security policies and standards.

Maintains up to date record of security controls from all security policies and standards.

Reviews security policies and standards to assess the design effectiveness and enforceability of the controls.

Reviews applications and infrastructure systems to assess their compliance with security policies, and to enforce security controls to mitigate the risks discovered.

Understands business and technical requirements in their initiatives and proposes security solutions to comply with the security policies and standards.

Provides guidance to project teams in implementing security controls and complying with the security policies and standards.

Analyzes business and technical issues during operations to discover failure of security controls. Enforces security controls, and proposes revised security controls, where required, in compliance with the security policies and standards.

Enforces vulnerability management practices as per the Vulnerability Management policies and framework.

Reviews infrastructure systems and security control systems for their compliance with the baseline security standards.

Reports status of baseline security standard compliance of systems to applicable teams and management.

Ensures coverage of all systems in vulnerability scanning, and ensures periodic vulnerability scanning of all systems.

Ensures periodic reporting of all vulnerabilities to applicable teams in timely manner.

Reports status of vulnerabilities to applicable teams, reports aging analysis of vulnerabilities, and reports vulnerability management KPIs, to applicable teams and management in timely manner.

Reviews and enforces security controls for effective Identity and Access Management across all systems and applications.

Reviews code security scans to ensure that source code is free from security vulnerabilities.

Enforces mitigation of security vulnerabilities discovered in source code.

Reviews remote access granted to users and ensures that the access that is not required is removed, and that any access granted does not pose security risk.

Conducts security testing of new business applications, upgrades in the applications, and changes to ensure and to enforce applicable security controls.

Reviews security control systems and related operational processes to ensure that they are operated in accordance with the security policies.

Analyzes failed security controls and ineffective controls to identify the possible impact and proposes corrective actions to mitigate the risk.

Continuous Improvement:

Contributes to the identification of opportunities for continuous improvement of processes and practices taking into account ‘international best practice’, improvement of business processes, cost reduction and productivity improvement

Reporting:

Assists in the preparation of timely and accurate reports of Riyad Bank to meet company and department requirements, policies and standards

Safety, Quality & Environment:

Complies with all relevant safety, quality and environmental management policies, procedures and controls to ensure a healthy and safe work environment.

Related Assignments:

Performs other related duties or assignments as directed within the confinement of the departmental roles and responsibilities.

Qualifications & Experience:

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Information Technology

Minimum Experience:

• 2-4 Year of relevant experience in Information security (compliance, governance, risk, programme management, operations)

Language:

English: Advanced