Përshkrimi i punës

The Information Technology Security Officer (ITSO) (Assistant Manager) will be responsible for protecting the Bank’s IT resources and information assets by:
Ensuring strategic alignment of information security in support of business objectives;
Ensuring availability, confidentiality, integrity, audit ability of the Bank’s information systems;
Ensuring continued availability of the Bank’s information systems;
Ensuring reduction of adverse impacts on the Bank’s business operations to an acceptable level;
Ensuring conformity of applicable laws, regulations and standards;
Preventing non repudiation of computer based activities.

Duties:
The ITSO reports to the head group of Financial Control and IT group.
Information Security Governance:
• Establish and maintain a framework to provided assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
• Define and elaborate the information security strategy in support of the Bank’s business strategy and direction
• Liaise with HR to ensure that each job description include information security governance activities
• Identity current and potential legal and regulatory issues affecting information security and assess their impact on the Bank.
• Establish and maintain information security policies that support business goals and objectives.

Risk Management:
• Identify and manage information security risks to achieve business objectives:
• Develop systematic, analytical and continuous risk management process.
• Ensure that risk identification, analysis and mitigation activities are integrated in projects and processes life cycle.
• Identify and analyze risks through suitable and recommended methods
Information Security Program Management:
• Design, elaborate and manage information security program to implement the information security governance framework.
• Establish and maintain plans to implement the information security governance framework.
• Define annual information security budget and obtain Information Security Steering Committee approval.
• Manage the information security budget in implementing the information security program.
Information Security Management:
• Oversee and direct information security activities to execute the information security program.
• Lead the Bank’s IT security team: plan, organize, assign, supervise and monitor the work of team members
• Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the Bank’s information security policies.
• Ensure that services provided by other enterprises, including outsourced providers are consistent with established information security policies.

Response Management:
Establish and manage capability to response to and recover from disruptive and destructive information systems events.
• Design, elaborate and implement processes for detecting, identifying and analyzing security related events.
• Develop response and recovery plans including organizing, training, and equipping teams.
• Ensure periodic testing of the response and recovery plans where appropriate.
Business Continuity and Disaster Recovery Plan Management:
Design, elaborate, coordinate, maintain and supervise comprehensive Business Continuity and Disaster recovery Programmers, strategies, plans and procedures in order to assist the Bank’s survival from major interruptions of data processing services.
• Coordinate and manage activities related to the Business Continuity Plan (BCP) including the Disaster Recovery Plan (DRP).
• Coordinate the maintenance of the BCP/DRP documentation.
• Liaise with all resources that intervene in the Bank’s BCP: Senior Management, Directors and Managers, Staff, Consultants, vendors and auditors
• Any other duties reasonably requested by management.

Requirements:
• Master’s Degree in Computer Science, Information Technology or related field.
• Desirable Master’s Degree in MSc in Information Security,
• Preferably five (5) years of relevant post qualification experience, with at least three (3) years of demonstrated IT infrastructure implementation and management.
• Mixed managerial, analytical and technical skills, and knowledge in all aspects of computer security in multi IT areas: database, development, network, operating systems, IT security, specific applications security, etc.
• Good understanding and writing skills of computer systems security strategies, policies, principles, procedures, and standards
• Good technical knowledge and experience across multiple platforms and technologies: Windows, Unix, Linux, networking, applications concepts, databases; wide area networks; computer operations, Intranet/Internet, LAN/WAN Connectivity with good knowledge of firewalls, switches and routers (especially Cisco products)
• Good technical knowledge and experience in defining access and authorization controls within the Bank’s critical applications: FLEX etc.
• Good technical knowledge and experience in Business Continuity Planning areas
• Good knowledge of structured systems analysis techniques and practices as well as strong analytical and problem solving skills
• Good Knowledge of risk assessment processes
• Good understanding of ISO17799 22301, PCI DSS, and current legal and regulatory requirements relating to information security and privacy
• Up to date knowledge of information security; industry certifications covering information security are added advantages.
• Demonstrable experience with networks and systems involved in keeping an organization secure
• Strong management and leaderships skills and the ability to influence senior management are essential
• Competence in the use of standard Microsoft office applications (Word, Excel, Access, and PowerPoint)
• Excellent written and verbal communications in English with a working knowledge of the language

Vetem kandidatet e zgjedhur do te kontaktohen.
Kandidatet e interesuar jane te ftuar te aplikojne deri me 16 Korrik 2017, ne linkun me poshte:
https://cv.bkt.com.al/candidate/job_search