Cyber Assurance Analyst at Sidian Bank

The Cyber Assurance Analyst will be responsible for conducting security reviews on new and existing systems, products and services in compliance with the Sidian Bank Limited security policies and industry best practices such as ISO27001, CIS, PCI DSS among others. They will also be responsible for providing timely security assurance reports and advice to the business when required even with very tight timelines.

The role will lead and coordinate all cyber security assurance activities in Sidian Bank Limited). They will manage external Penetration testing activities periodically for key systems.

KEY ACCOUNTABILITIES (DUTIES AND RESPONSIBILITIES)

• Conducting Security Reviews for new and existing Sidian Bank Business systems (40%): Perform security assessment on new and existing systems to identify cyber risks and ensure the necessary controls are in place.
• DevSecOps Implementation (20%): Drive the culture of implementing built in security controls end to end in the software development lifecycle and automate the security testing processes.
• Research (20%): Stay up to date with new trends in technology and cyber by continuously researching on emerging technologies and threats to ensure necessary controls are in place.
• Leadership (20%): Manage and coordinate cyber assurance initiatives by both internal and cyber security external teams. Define and report on key cyber metrics to senior management to measure return of investment in Cyber.

Main Activities

• Perform design reviews and provide cyber security input to ensure the necessary security controls are included from the beginning of new projects.
• Perform threat modelling for the all Sidian Bank Limited Business systems to ensure threats are identified and mitigated.
• Perform vulnerability assessments and penetration testing across all Sidian Bank Limited Business systems.
• Perform compliance hardening reviews for the Sidian Bank Limited Business systems.
• Provide timely and quality security assurance reports to the business.
• Do regular follow ups with system custodians to ensure identified risks are addressed within the agreed timelines.
• Implement cyber assurance testing tools within the CI/CD pipeline to automate security testing.
• Research on new technologies, threats and vulnerabilities to inform the necessary security controls and investments in cyber.
• Continuously review and improve cyber processes to ensure efficient support to the agile process of software development.

Technical Competencies

• Demonstrate competency in the use and administration of ethical hacking tools e.g. KALI Linux, Metasploit, Nexpose, Nessus, Nmap, BurpSuite etc.
• Hands on experience in software development with major languages Java, C++, C# and practical experience using relation RDBMS e.g. Oracle and MS SQL etc.
• Working knowledge of Cloud technologies in at least one of the following: AWS, Azure, Google and Huawei.
• Working knowledge and experience in DevSecOps technologies and practices i.e. AGILE, Jenkins, Jira, Github, Gitlab etc… will be an added advantage
• Excellent analytical, problem solving and reporting skills
• A good knowledge of the systems and processes within Financial Services industry.
• Experience in leading teams of security analysts will be an added advantage

Behavioural Competencies

• Relate easily and naturally with executives, business managers, technical teams and customers. Has excellent listening skills and understands the desires and challenges of all our leaders and customers.
• Ability to form trusted relationships with technical teams and customers
• Possess broad knowledge of business and has an interest in market trends. Have intricate knowledge of our business: its vision, mission, strategy, values and how it operates.
• Clearly communicate and share the planned cyber initiatives, reports, and risks with executives, business leaders, and stakeholders across the organization – in a manner that leaves them all touched, moved and inspired.
• Passionate about innovation. Loves technology and possesses both a deep and broad understanding of the technology market and cutting-edge technology and Cyber trends.
• Continuously listening to our stakeholder’s feedback and coming up with new architectures and enhancing existing ones to leverage these cutting-edge technologies.
• Self-motivated and self-managing.
• Have a material impact in attracting new customers, delighting existing customers, increasing our market share and enhancing our organizations efficiency and profits.

Delivery model is organized around delighting our customers, increasing our profitability, and increasing the businesses efficiency

Risk & Compliance:

• Attend training and maintain knowledge of and comply with all bank policies and procedures including Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules and regulations.
• Participate or undertake Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing bank programs on a regular basis e.g. taking attestations, self-assessment tests, filling in compliance questionnaires as required.
• Comply and not to knowingly participate or assist in any violation of Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or internal policies, procedure and guidelines.
• Report suspected money laundering cases to their respective heads of units or to the Money Laundering Reporting Officer as soon as such incidents occur immediately with a clear basis of suspicion.  
• Avoid Misrepresentation and Malicious Reporting – knowingly making a false, fictitious or fraudulent representation e.g. statement, report, document.
• Avoid Tipping Off customers being investigated so as not to knowingly prejudice an investigation by disclosing information.
• Not provide advice or other assistance to individuals who attempt to violate or avoid Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or corporate policies.
• Respond to all AML/CFT/CPF queries when requested by Compliance Unit to allow the bank to comply with the requirements of The Anti-Money Laundering and Combating Financing of Terrorism Amendment Act.
• Co – operate fully with regulators and law enforcement agents and make available required documents and information.

DECISION MAKING AUTHORITY

• Operational – Solution Design dependent on CRs/BRDs assigned
• Strategic – Solution structuring to ensure ease of implementing future enhancements

ACADEMIC BACKGROUND

• A Bachelor’s degree in Computer Science, Information Technology or related field.
• Information security certifications e.g. CEH/CISSP/CISM/GIAC/CPTP/OSCP

WORK EXPERIENCE

• Minimum of 3 years’ working experience in Information Systems Security – e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, ICT Audits, Pre-and-Post Implementation System Reviews
• Minimum of 2 years’ working experience in Networking and Operating Systems e.g. Cisco, Huawei, Windows (All) and Linux.

SKILLS & COMPETENCIES

• Ability to use specialized tools and software to analyse, detect, investigate and report on various vulnerabilities and threats
• Knowledge and experience with several relevant IT products i.e. SIEMs, DAMs/WAFs, Antivirus, Firewalls & Patch Management
• Awareness and exposure in IT security with experience working in financial institutions.
• Keen attention to detail with a time-conscious approach.
• Ability to work under pressure in a competitive environment

PROFESSIONAL CERTIFICATION

• ITIL Foundation
• Possess at least one security certification such as CEH (Certified Ethical Hacker); SSCP (Systems Security Certified Practitioner); OCSP (Offensive Security Certified Professional); CompTIA Security+