Applications Security Officer at CalBank

Full time @CalBank Ghana in Information Technology
  • Post Date : November 13, 2023
  • Apply Before : December 13, 2023

Job Detail

  • Offered Salary 0
  • Career Level Manager
  • Experience 3 Years
  • Qualifications Degree Bachelor

Job Description

Job Title: Applications Security Officer

Location: Accra

Department: Information Security

Role Purpose

To handle all application security issues arising from the increased use of both internally and externally developed applications within the Bank and the rising threats to applications.


Duties and Responsibilities

1.    Cyber and Information Security Management Framework

– Support the implementation and enforcement of secure design principles according to information security policies, standards, and patterns.

– Support the deployment of application and database security baselines

– Implement, test, and operate advanced software security techniques in compliance with the technical reference architecture.

– Complement the maintenance and updating of policies and technical documentation in relation to applications.

2.   Risk Assessment and Vulnerability Management

– Complement the application security risk and vulnerability assessment on projects prior to project kick start.

– Perform prospective merchant integration application security review for PCI DSS and track progress of remediations

3.   Application Development

– Conduct web application security scans, analyze results for false positives, prioritize vulnerabilities, and research and propose remediation steps.

– Implement API security

4.   Application Testing

– Troubleshoot and debug application issues that arise Bank-wide

– Conduct awareness sessions on secure coding for software developers

– Consult team members on secure coding practices

– Develop a familiarity with new tools and best practices

– Analyze application logs and audit trails for suspicious activities.

– Perform proactive research to detect new attack vectors

5.   Security Architecture and Designing

– Maintain the inventory architecture of all applications within the organization.

– Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept, and pilot installations.

– Advocate for security requirements during all phases of the SDLC.

6.   Information Security Incident Management

– Support incident response when a security event occurs.

– Issue reports on assigned applications and system scans.

7.    Information Security Projects

– Support the implementation of DevOps within the Bank.

– Support application integrations in the PIM deployment project.

– Support the implementation of an automated platform for the secure software development process.

– Participate in preparatory activities for the ISO27001 surveillance audit.

– Participate and provide software security guidance in the SOC project

– Participate in PCI DSS re-certification activities.

– Participate in the Azure Information Protection (AIP) implementation project.

– Support the social media security process (applications based on social media)


Qualification and Experience

·       Bachelor’s degree in Computer Science/Engineering, Information Technology, Electrical Eng., or a related field of study. A Master’s degree is an advantage.

·       Minimum professional certificate of CEH, CISM, CRISC or CISA.

·       Knowledge of information security standards such as ISO 27001, ISO 27035, and PCI-DSS.

·       Background in application development.

·       3+ years’ experience in application development.

·       Knowledge of information security standards/frameworks such as ISO 27001, OWASP, and CIS.

·       Industry certification on any systems or network infrastructure required e.g. MCITP/CCNA, etc.


Skills, Capabilities & Attributes

·       Knowledge of Information security and risk management frameworks/best practices.

·       Experience with Programming and implementation of technical controls.

·       Knowledge in IT Service Management (ITIL)

·       Knowledge of Cyber and Information Security standards such as NIST, ISO 27001, PCI-DSS, etc.

·       Knowledge of network and security devices and platforms, including firewalls.

·       Good understanding of security solutions and how they fit together to address business risk

·       Working experience with performing security assessments and network vulnerability assessments

·       Basic knowledge of IT regulatory and compliance requirements
