В банковскую группу Emirates NBD требуется Infosec and Threat Assessment Manager.
The Infosec and Threat Assessment Manager will conduct testing for Emirates NBD infosec assets through focused threat based methodologies, to identify, expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance.
Responsibilities:
- Develop, manage and maintain the Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements
- Develop, manage and maintain Emirates NBD portfolio of security assessment services and associated service catalog
- Develop, maintain and manage Emirates NBD threat modelling framework and operationalize these models into the security assessment program
- Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack
- Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls
- Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group
- Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process
- Responsible for threat activity reporting and insight on the IT technology assets used by the group
- Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions
- Interact with Group IT leadership to ensure that assessment activities are planned, published and scheduled
- Organize and participate in governance forums to present threats, associated vulnerabilities and compliance posture of the information assets of the bank
- Act as a security ninja and advisor to internal teams to advise known methods of breaking and bypassing controls
- Participate in “Purple Teaming” exercises with defense teams
- Operationalizing the threat modelling framework to be utilized for the Security Assessment program
- Manage the portfolio of security assessment services
- Proficient in industry best practices in threat and vulnerability management, analytical and correlation tools
- Be accountable and responsible when conducting security assessments in a controlled manner that do not cause business impacts
- Ensure maximum accuracy of all data being generated from the assessment reports and the scope covered as part of the assessment are adequate and relevant
- Identify and collate appropriate threat, vulnerability and risk metrics to ensure that representation of threats and risk are appropriate to risk appetite of the bank
- Conduct report read-outs on observations with technical stakeholders (auditee) and work hand-in-hand with them on remediation plans
- Work with Group IT leadership to ensure that identified vulnerabilities and agreed remediation plans are accepted and work with them to ensure that these are mitigated
- Ensure threats and mitigation measures are correctly populated into the threat register with accurate estimated dates of compliance and threat ratings as per the group’s methodology
- Research new threats vectors / attack methods that are cutting edge in testing control effectiveness
- Enhance technical security assessment & pen testing capabilities to ensure effective assessment for an evolving technology landscape
- Build new periodic assessment frameworks and methodologies that help contribute to a more efficient method of executing the charter
- Improve threat modelling framework to ensure that new relevant threat vectors are identified and are part of the framework
- Act as an advisor to Group IT & Business stakeholders by ensuring effective decision-making using facts and providing options for possible solutions to challenges/mitigation/remediation measures
Required Qualifications:
- Bachelors or Master’s degree in Computer Science, Mathematics or equivalent discipline
- Master’s Degree in Business Management or equivalent
- Certifications such as CISSP, OSCP, OSCE, CREST
- Certifications such as GPEN, SANS GWAPT
- 3-5 years of experience with technical Cyber security
- Experience with Bash scripting, Perl, Python or R
- Experience with Machine Learning frameworks and code development
- Experience with malware scanning tools
- Experience with mobile and digitization platforms
- Experience with threat modeling frameworks such as STRIDE, PASTA and VAST
- Experience with breaking niche platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture
- Strong technical background covering heterogeneous technologies and multiple security domains
- Deep knowledge of the gaps and weaknesses of a typical heterogeneous banking environment including the toolsets required for security assessments
- Deep experience in depicting vulnerabilities, accurate threat assessment and mitigation recommendation
- Deep experience in evaluating threats as per the latest threat environment affecting the region (EMEA & North Africa) and the world
- Deep knowledge and skills in policies, standards and required controls (both technical and compliance based)
- Extensive experience with Security scanning solutions such as Tenable Security Center, Tripwire, Rapid Scan, Qualys and have the ability to quickly use all functionality within the solutions to interact with systems, through existing content (e.g. plugins), published baselines and custom developed content
Внимание! Для отклика на вакансию нужен VPN.