Information Systems Security Analyst / SeniorAnalyst (Banking)

• Design, Implement & maintain Cloud Security Measures for public/private Cloud Infrastructure Platforms. This includes Securing Virtual Machines, storage Systems, Networks or Cloud Resources
• Develop and maintain security baselines for all information systems and ensure regular maintenance and update of all baselines inventory bank wide
• Perform regular baseline scans or reviews as applicable to ensure compliance with the developed security baselines and follow up on mitigating the identified gaps/findings
• Support the implementation of the different security projects and initiatives through defining the necessary security requirements in full alignment with the security policies and industry requirements
• Contribute to the design and implementation of security controls & technologies including but not limited to firewalls, intrusion detection/prevention systems, access controls and cryptographic mechanisms to strengthen the bank security posture
• Conduct comprehensive reviews for security controls & configurations in alignment with Banks' policy, compliance & regulation mandates and industry best practices
• Effectively participate in the change and release management process to ensure adequate security controls are applied before go-live
• Review and approve access control requests over different technology platforms/ and network security infrastructure to ensure adequate application of the approved security policies (e.g., Firewall rules change review)
• Participate in the new server provisioning process to ensure conducting the needed security checks and ensure closure of any identified gaps before production deployment
• Ensure proper management and enforcement of privileged accounts over different technology layers (Operating System, Database, Application) including account designation, and implementation of privileged access control requirements
• Review and approve privileged access related requests including but not limited to (generic accounts creation, PAM access, access to existing accounts, etc.)
• Assess and provide recommendations for IT & Cyber security policy deviation requests and ensure proper tracking of the same
  
  

Requirements

Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.

 3-5 (5-8 for the senior) years of proven experience in security domains

 Strong knowledge of Operating Systems Principals, secure design principles, and common security vulnerabilities

 Has strong technical experience and knowledge of several cyber security technologies including firewalls, IDS/IPS, DLP, End Point Security, Data Encryption, Database Security, Web/Email Filtering vulnerability scanners, code analysis tools, etc.

 Knowledge of industry regulations and standards such as CIS benchmark, ISO 27001, NIST, OWASP, etc.

 Experience conducting security assessments, vulnerability testing, and risk assessments.

Mandatory Certification:

 CISSP

 CCSP or CCSE

 Technical Certification ex. Cisco, Palo Alto, F5, etc.

Recommended Certification:

 CISM

 CSSLP

 CEH

 Security+

 GIAC Certificates

 Strong communication and presentation skills

 Strong problem-solving and analytical skills

 Proficient verbal and written English

 Time Management skills