A renowned international bank is looking for an IT Security Manager to oversee all aspects of information, data and network security. The role also includes regulatory compliance, proper application of policies, and review of day-to-day IT operational activities and related risks. His primary responsibility is to perform the first level of control and to audit that the security systems and appliances deployed are as per the standard policies defined by the institution. The proper control of the procedures and policies formalized by the enterprise should also be taken into consideration. It is also his responsibility to follow up the recommendations given by various controllers and auditors with all domain managers and team members.
This would include anything from the initial security review, defining the IT security design and framework, and verifying the efficiency of security appliances, to control of the activities of the various domains that have access to the bank's information and data (physical, logical and electronic). He will also be responsible for the implementation and application of policies and procedures, administration of log backups, ensuring the alignment of the BCP with the infrastructure, and monitoring of security and logs for the various applications used by the bank.
The basic list has been prepared to assist the institution in implementing regular control concerning information security and the risk matrix. The control is not limited to the checklist: any process or activity that affects information security and risk must also be taken into scope. It is just a roadmap to help the organization; actual delivery depends on time, situation and the current information security policies, their perimeter and scope as developed, approved and deployed by the bank.
The minimum qualification is a graduate in IT or Computer Science with at least 5 years of working experience in the IT security technical domain.
With the rise in prominence of the sector, and the emergence of specifically related degrees like IT audit and risk compliances based on certain frameworks like ISO 31000, COBIT, Risk IT and Val IT, CCNA, CCNP
The following education and training are necessary and can be referred to:
01. Advanced knowledge of issues and methodologies linked to security.
02. Deep knowledge of risk assessment and control tools, vulnerability audits and penetration testing tools (Metasploit, Rapid7); experience in penetration testing would be highly appreciated.
03. Excellent knowledge of IT security within a corporate network.
04. Mastering systems infrastructure, security, and administration in Linux and Windows environments, mail systems (Exchange), PKI.
05. Good knowledge in networks infrastructure and security: 802.1x, Cisco security technologies – a CCNA/CCNP is highly desired.
06. Mastering databases architecture and security: Oracle, SQL Server, Access.
07. Mastering security standards, procedures, and related tools and technology: monitoring systems, alerts, automation (SCCM).
08. Mastery of web and mobile security, with good skills to perform various types of tests and reviews.
Proficient in various types of security appliances and protocols, i.e. Cisco, Fortinet, SonicWALL, TCP/IP and IPSec.
An ITSM needs to have:
Effective communication of user awareness matters and resolutions
Cisco Firewall Security, Social Security Management, Checkpoint Security, Enterprise Network Security, Security Protocols, Security Plan Preparation, Security Analysis, Cisco Information Security