Security Assurance and Assessment Officer

Security Assurance and Assessment OfficerJob Summary:Develop tactical plans and programs for the establishment and maintenance of the Bank's third party information security risk management framework and ensure alignment with the enterprise risk framework. Perform third party security, system security and information asset based risk assessments. Analyze and review complex bank processes, application systems, network security implementations, and third party relationships to identify potential risks, including the determination of risk mitigation strategies.

Recommend strategies to control risks from inadequate protection of confidentiality, integrity, and availability of information assets, processing facilities, and connected services. Specific Duties & Responsibilities:Prepare tactical plans and/or programs in the conduct of information, third party and system security risk assessments. Identify the Bank's critical assets, threats to these assets, vulnerabilities, and review the adequacy of existing security controls to safeguard confidentiality, integrity, and availability of information.

Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data. Perform threat modelling-based system security risk assessments for all IT systems and other IT assets, as applicable. Analyze and assess the impact of changes in processes, technical changes, systems enhancements, and third party relationships.

Review the adequacy of existing security controls to safeguard confidentiality, integrity, and availability of information and information processing facilities to mitigate information security risk. Formulate and recommend information security policies and procedures on physical, environmental, and personnel security based on results of information security assessment activities. Coordinate across all business units and stakeholders in gathering information for the conduct of information, third party, and system security risk assessments.

Articulate security findings and risk remediation strategies through issuance of risk assessment reports. Track and follow-up on the status of risk mitigation activities. Ensure the security risk register is maintained and updated, including the status of remediation activities.

Execute and monitor the accomplishment of the risk assessment plans and programs. Maintain and track a library of records and documentation. Investigate applicable reported incidents related to information handling and data privacy.

Stay abreast of and apply information, IT, and third party security trends and regulatory and compliance changes affecting the security landscape, best practices, and threat landscape. Review the work of other Security Quality and Assurance Risk Assessors; guide and mentor them. Work proactively with the Department Head to implement programs for continuous improvement of the bank's information security plans and strategies.

Perform other information security risk management and compliance-related duties and responsibilities as directed by the Department Head. Qualifications:Bachelor's Degree. Experience in IT general controls and auditing, with a strong background in system security risk assessments.

Ability to perform information security risk-based prioritization decisions, analyze business risk, and articulate complex business/risk trade-off recommendations and decisions. Experience in project security technical reviews and risk assessments. Strong analytical and risk identification skills to analyze various information security-related risk situations and develop recommendations on the best course of action.

Familiarity with security best practices and knowledge of common and emerging security threats. Professional Certification such as CISA, CISM, CRISK, PCI-DSS, ISO-27001 LA or equivalent is an advantage.