Application & Infrastructure Security Officer
Are you a self-starter? Do
you possess the ability to operate independently within minimum guidance yet
produce measurable results? We are looking for an experienced professional with
an agile mindset and the capability to influence the organizational
direction for application and infrastructure security who will be responsible
for end-to-end oversight of all security programs designed to protect
infrastructure footprint.
Reporting to Head – ICT
Security Operations, the role holder will enforce security policies to protect
the organization’s computer infrastructure, networks and data by identifying
vulnerabilities caused by weaknesses or flaws in software and hardware that
could expose the infrastructure to a security breach. He/she will evaluate the
effectiveness of existing security measures, such as firewalls, password
policies, and intrusion-detection systems, and make recommendations to improve
security based on their assessments and knowledge of current and emerging
threats.
Responsibilities
Specifically, the successful jobholder will be required to:
- Develop and maintain a prioritized asset and
applications register of all ICT assets in the bank.
- Configure reviews across infrastructure devices,
servers, and databases to ensure that a threat-aware approach to systems
and infrastructure setup is adopted.
- Enforce policies, secure configurations, and
rulesets that will enforce the protection of data and limit user access as
appropriate. Ensure all bank systems are appropriately hardened to enforce
the protection of data.
- Enforce patch management across all enterprise
systems. Ensure that all systems are regularly updated and report on
discrepancies based on criticality.
- Ensure firewalls, switches and other infrastructure
are up to date and are running optimized security configurations and
policies.
- Conduct regular penetration testing exercises on the
Bank’s infrastructure to ascertain the robustness of the security
configurations and deployed tools in line with regulatory recommendations.
- Certify all system configurations are secure and
that adequate security controls are in place before any system goes
live. Act as the Change & Configuration Manager and work with
technical teams, and service managers to ensure systems promoted to live
are compliant to internal policy.
- Coordinate and conduct red team tests with the
SOC/risk team to assure on IOC (indicators of compromise) detection
capabilities.
- Communicate security risk through documentation,
conversation, and presentations with the objective of driving awareness
and informed decision-making for the ICT team.
Qualifications
The successful candidate will be required to have the
following skills and competencies:
- An IT-related
bachelor’s degree or business-related degree with relevant IT Security
professional qualifications i.e. Cisco Certified Network Associate (CCNA)/
Certified Information Systems Auditor (CISA) certification/ Certified
Information Systems Security Professional (CISSP) CCIE (Security), CEH,
CHP or other relevant security certifications.
- At least 3
years of experience in leading ICT Security Services Strong knowledge of
security architectures and technologies including assessment,
methodologies, compliance standards, etc.
- Knowledge of
security standards and compliance like PCI, HIPAA, Sarbanes Oxley, ISO
27001, NIST, CSF, COBIT, ITIL, SANS 20
- Good
understanding and knowledge of security assessment, vulnerability
management, penetration testing methodologies, and toolsets
- Working
knowledge and experience in penetration testing and vulnerability
assessments
- Knowledge of
common cybersecurity threats and sources of cybersecurity information
- Good
understanding and knowledge of risk assessment, risk procedures, security
assessment, vulnerability management, penetration testing
- Excellent
business relationship, interpersonal communication, presentation, and
stakeholder management skills
How to apply:
If you are confident that you fit the role and person profile and
you are keen to add value to your career then please forward your application
enclosing detailed curriculum vitae to jobs@co-opbank.co.ke indicating
the job reference number “AISO/IID/2022” by
close of business on 8th December 2022.
We are an equal-opportunity employer.