Duties and responsibilities
- Assisting the team in conducting control tests, identifying risks, and recommending security controls based on IT security policies, standards, and global information security best practices (such as ISO 27001:2013, CIS, NIST framework)
- Working with IT security technologies including SIEM, Cloud security technologies, host anti-virus software, content filtering software and monitoring and responding to alerts generated by such technologies.
- Conducting vulnerability scans using scanning tools, following up on identified vulnerabilities and findings with the respective system owners
- Co-authoring information security policies, standards to meet legal and regulatory requirements
- Assisting other team members in delivering security awareness training for MeDirect employees and third-party contractors, and guiding and advising MeDirect employees to ensure information security best practices are implemented within the Bank
- Assisting with conducting third-party cybersecurity due diligence at selection stage
- Assisting to cyber security incidents by coordinating with the system owners and following-up on by conducting investigations to mitigate future occurrences
Required knowledge, skills and experience
- Bachelor’s degree in IT, Business and Computing, Information Security, or other similar fields
- A minimum of 2 years’ experience working in information technology , preferably in the information security field
- Possession of an information security professional certification is ideal (CISSP, CISA, CISM, Security+)
- Good understanding of IP, TCP/IP, and other network administration protocols
- Working knowledge of security technologies including cloud security tools, firewalls, anti-virus, content filtering and vulnerability scanning software
- Working knowledge of information security policies, standards and procedures will be considered an asset
- Good presentation and report writing skills
- Excellent verbal and written communication skills in English