Application & Infrastructure Security Officer
Are you a self-starter? Do
you possess the ability to operate independently within minimum guidance yet
produce measurable results? We are looking for an experienced professional with
an agile mindset and the capability to influence the organizational direction
for application and infrastructure security who will be responsible for
end-to-end oversight of all security programs designed to protect
infrastructure footprint.
Reporting to Head – ICT Security Operations, the role holder will enforce security policies to protect the organization’s computer infrastructure, networks and data by identifying vulnerabilities caused by weaknesses or flaws in software and hardware that could expose the infrastructure to a security breach. He/she will evaluate the effectiveness of existing security measures, such as firewalls, password policies, and intrusion-detection systems, and make recommendations to improve security based on their assessments and knowledge of current and emerging threats.
Specifically, the successful jobholder will be required to:
- Develop and maintain a prioritized asset and
applications register of all ICT assets in the bank.
- Configure reviews across infrastructure devices,
servers, and databases to ensure that a threat-aware approach to systems
and infrastructure setup is adopted.
- Enforce policies, secure configurations, and
rulesets that will enforce the protection of data and limit user access as
appropriate. Ensure all bank systems are appropriately hardened to enforce
the protection of data.
- Enforce patch management across all enterprise
systems. Ensure that all systems are regularly updated and report on
discrepancies based on criticality.
- Ensure firewalls, switches and other infrastructure
are up to date and are running optimized security configurations and
policies.
- Conduct regular penetration testing exercises on the
Bank’s infrastructure to ascertain the robustness of the security configurations
and deployed tools in line with regulatory recommendations.
- Certify all system configurations are secure and
that adequate security controls are in place before any system goes
live. Act as the Change & Configuration Manager and work with
technical teams, and service managers to ensure systems promoted to live
are compliant to internal policy.
- Coordinate and conduct red team tests with the
SOC/risk team to assure on IOC (indicators of compromise) detection
capabilities.
- Communicate security risk through documentation,
conversation, and presentations with the objective of driving awareness
and informed decision-making for the ICT team.
Skills, Competencies and Experience
The successful candidate will be required to have the following
skills and competencies:
- An IT-related bachelor’s degree or business-related
degree with relevant IT Security professional qualifications i.e. Cisco
Certified Network Associate (CCNA)/ Certified Information Systems Auditor
(CISA) certification/ Certified Information Systems Security Professional
(CISSP) CCIE (Security), CEH, CHP or other relevant security
certifications.
- At least 3 years of experience in leading ICT
Security Services Strong knowledge of security architectures and
technologies including assessment, methodologies, compliance standards,
etc.
- Knowledge of security standards and compliance like
PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, CSF, COBIT, ITIL, SANS 20
- Good understanding and knowledge of security
assessment, vulnerability management, penetration testing methodologies,
and toolsets
- Working knowledge and experience in penetration
testing and vulnerability assessments
- Knowledge of common cybersecurity threats and
sources of cybersecurity information
- Good understanding and knowledge of risk assessment,
risk procedures, security assessment, vulnerability management,
penetration testing
- Excellent business relationship, interpersonal
communication, presentation, and stakeholder management skills
How to apply:
If you are confident that
you fit the role and person profile and you are keen to add value to your
career then please forward your application enclosing detailed curriculum vitae
to jobs@co-opbank.co.ke indicating the job
reference number “AISO/IID/2022” by
close of business on 8th December 2022.
We are an equal-opportunity employer.