Applications Security Officer at CalBank

Full time @CalBank Ghana in Information Technology
  • Post Date : November 13, 2023
  • Apply Before : December 13, 2023

Job Detail

  • Offered Salary 0
  • Career Level Manager
  • Experience 3 Years
  • Qualifications Degree Bachelor

Job Description

Job Title: Applications Security Officer

Location: Accra

Department: Information Security

Role Purpose

To handle all application security issues arising from the increased use of both internally and externally developed applications within the Bank and the rising threats to applications.


Duties and Responsibilities

1. Cyber and Information Security Management Framework

– Support the implementation and enforcement of secure design principles according to information security policies, standards, and patterns.

– Support the deployment of application and database security baselines.

– Implement, test, and operate advanced software security techniques in compliance with the technical reference architecture.

– Complement the maintenance and updating of policies and technical documentation relating to applications.

2. Risk Assessment and Vulnerability Management

– Complement the application security risk and vulnerability assessment on projects prior to project kick start.

– Perform prospective merchant integration application security review for PCI DSS and track progress of remediations.

3. Application Development

– Conduct web application security scans, analyze results for false positives, prioritize vulnerabilities, and research and propose remediation steps.

– Implement API security.

4. Application Testing

– Troubleshoot and debug application issues that arise Bank-wide.

– Conduct awareness sessions on secure coding for software developers.

– Consult team members on secure coding practices.

– Develop a familiarity with new tools and best practices.

– Analyze application logs and audit trails for suspicious activities.

– Perform proactive research to detect new attack vectors.

5. Security Architecture and Designing

– Maintain the inventory architecture of all applications within the organization.

– Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept, and pilot installations.

– Advocate for security requirements during all phases of the SDLC.

6. Information Security Incident Management

– Support incident response when a security event occurs.

– Issue reports on assigned applications and system scans.

7. Information Security Projects

– Support the implementation of DevOps within the Bank.

– Support application integrations in the PIM deployment project.

– Support the implementation of an automated platform for the secure software development process.

– Participate in preparatory activities for the ISO 27001 surveillance audit.

– Participate and provide software security guidance in the SOC project.

– Participate in PCI DSS re-certification activities.

– Participate in the Azure Information Protection (AIP) implementation project.

– Support the social media security process (applications based on social media).

Qualification and Experience

· Bachelor’s degree in Computer Science/Engineering, Information Technology, Electrical Eng., or a related field of study. A Master’s degree is an advantage.

· Minimum professional certificate of CEH, CISM, CRISC or CISA.

· Knowledge of information security standards such as ISO 27001, ISO 27035, and PCI-DSS.

· Background in application development.

· 3+ years’ experience in application development.

· Knowledge of information security standards/frameworks such as ISO 27001, OWASP, and CIS.

· Industry certification on any systems or network infrastructure required, e.g. MCITP/CCNA, etc.


Skills, Capabilities & Attributes

· Knowledge of information security and risk management frameworks/best practices.

· Experience with programming and implementation of technical controls.

· Knowledge in IT Service Management (ITIL).

· Knowledge of Cyber and Information Security standards such as NIST, ISO 27001, PCI-DSS, etc.

· Knowledge of network and security devices and platforms, including firewalls.

· Good understanding of security solutions and how they fit together to address business risk.

· Working experience with performing security assessments and network vulnerability assessments.

· Basic knowledge of IT regulatory and compliance requirements.
