Security Engineer (for AMAAN Project)

Security Engineer have a unique role in which you are being responsible for protecting IT infrastructure, edge devices, networks, and data by design, implement, monitor, and evaluate the security systems that protect an organization’s computer systems and data. You will work together like-minded people inside the Technology Organisation that oversee the heartbeat of AMAAN as a fully digital mass market ecosystem platform like no others.

Key Accountabilities
- Evaluates, tests, recommends, develops, coordinates, monitors and maintains information systems (IS) and cyber security policies, procedures and systems, including access management for hardware, firmware and software 
- Monitor achievement against targets
- Establish and maintain a continual improvement action list
- Quantify and monitor the types, volumes and impacts of security incidents and malfunctions
- Ensures that IS and cyber security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IS standards and overall IS and cyber security 
- Ensure that security controls are in place and documented
- Overseeing the delivery of IT security services, managing relationships and issues.
- Reporting to the Information Security Steering Group on all security related matters on a regular and ad-hoc basis when required
- Report to the compliance function breaches of regulatory requirements or security standards
- Operate as a key member of the Technology Architecture Board
- Develops techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the investigation and resolution of security incidents 
- Embedding security into all stages of the software lifecycle
- Manage risks associated with access to the service or systems to ensure they are within the Bank’s risk appetite.
- Define & Communicate the information security policy to all relevant interested parties where appropriate, including customers
- Identify and manage information security incidents according to a process
- Identify new security opportunities and challenges and ensure action is taken to eradicate risks
- Implement IS and cyber security policies and takes measures against intrusion, frauds, attacks or leaks
- Implement the requirements of the information security policy
- Ensure that security controls are in place and documented
- Investigate, trouble shoot, security incident/issue in Production
- Define improvement plans and targets for the financial year
- Report on improvement activities

Qualifications

• Bachelor's degree in computer science or related field
• Min 5 - 7 years of experience in IT Security
• Ability to demonstrate understanding of vulnerability remediation
• Skilled in consultancy, risk management, solution design and issue resolution
• Expert knowledge in IT security best practice and solutions.
• Resource management and vendor management, working with vendors to get the right people in place
• Technical Expertise:
• Deep knowledge of OWASP Top 10, CWE/SANS Top 25, WASC
• Certified Information Systems Security Professional (CISSP) or equivalent
• Good understanding of IT infrastructure
• Good understanding of software development practices and coding is A plus