Beschreibung
Task:Security Risk Analyst
1) Execute specialist IT Security Risk Assessments on major Bank programmes such as the Strategic Renewal Project within IB Operations IT or other new technologies such as cloud computing. Such IT Security Risk Assessment will typically comprise of a holistic review of a design proposal against current Bank policies and standards.
2) Liaise with other CIO area?s IT Security / IT Risk Managers for projects/programs that span across multiple CIO areas which requires partnership with the Client Facing Technology IT Security Manager.
3) Areas of review will consist of but not limited to: Authentication / Authorisation / Provisioning / User Access Management / Security Architecture / Data Protection / Logging / Monitoring / Encryption / Application Security / Input Validation / Test Data Strategy as well as specific legal / jurisdictional as well as regulatory requirements.
4) Furthermore, the role will be involved in Security Assurance work which will consist of providing planning/tracking of and governance around IT Security Penetration Testing, as executed by Group IT Risk as well as Group Security Technology. In addition, the role will have involvement into the establishment of Source Code Security Scanning Capabilities across IB IT applications, as part of the development lifecycle.
5) The role will provide the opportunity to enhance and optimize the implementation of sustainable security controls along the full Software Development Lifecycle within IB IT globally. This area of responsibility will require the successful applicant to provide Security Consultancy services to various projects globally.
Vulnerability Managment
1) Responsibility for the IT Vulnerability Lifecycle Management process across IB IT globally
2) Work together with the Security Event and Incident Management (SEIM) function as well as with engineering and service delivery functions to assist with/agree on technical risk assessments of vulnerabilities
3) Work with Remediation Stream Owners to ensure appropriate remediation/mitigation is being planned and tracked
4) Ensure that Business Impact Assessments ? based on technical risk assessment input - as done by the IB Application Owners are adequate
Requirements (Must have):
- A person with excellent communication and organisational skills
- Able to interact comfortably with all levels of management
- Able to network well and get along with people
- A person with a technical background, with an ability to understand and appreciate different technologies and infrastructure
- Detail oriented, analytical, a good writer and presenter
- Respected, influential, have very high integrity, able to work under pressure and tight deadlines
- Person with experience in IT Risk and IT Security
- Person with initiative, a self starter that can develop project plans and manage projects within deadlines
- Comfortable with hands-on ?delve into the details? work, as well as high level strategic analysis
- A person that can handle sensitive material appropriately
- Process orientation and ability to spot security design control weaknesses or missing controls.
- General IT technical knowledge to quickly understand technical vulnerability information and bring it into IB business context.
- Will be expected to have solid experience in IT Security and/or IT Risk Management
- Integrate professionalism into the existing team of risk analysts.
- Strong interpersonal, analytical and documentation skills.
- Verbal communication, writing and presentation skills.
- Experience in a project environment.
Language: English must, German nice to have
Beginn: asap
Dauer: 6 Month
Branche: Bank/Finanzen