Job description
The Information Technology Security Officer (ITSO) (Assistant Manager) will be responsible for protecting the Bank's IT resources and information assets by:
- Ensuring strategic alignment of information security in support of business objectives;
- Ensuring availability, confidentiality, integrity and auditability of the Bank's information systems;
- Ensuring continued availability of the Bank's information systems;
- Ensuring reduction of adverse impacts on the Bank's business operations to an acceptable level;
- Ensuring conformity with applicable laws, regulations and standards;
- Ensuring non-repudiation of computer-based activities.

Duties:
The ITSO reports to the head of the Financial Control and IT group.

Information Security Governance: Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
- Define and elaborate the information security strategy in support of the Bank's business strategy and direction.
- Liaise with HR to ensure that each job description includes information security governance activities.
- Identify current and potential legal and regulatory issues affecting information security and assess their impact on the Bank.
- Establish and maintain information security policies that support business goals and objectives.

Risk Management: Identify and manage information security risks to achieve business objectives.
- Develop a systematic, analytical and continuous risk management process.
- Ensure that risk identification, analysis and mitigation activities are integrated into project and process life cycles.
- Identify and analyze risks through suitable and recommended methods.

Information Security Program Management: Design, elaborate and manage the information security program to implement the information security governance framework.
- Establish and maintain plans to implement the information security governance framework.
- Define the annual information security budget and obtain Information Security Steering Committee approval.
- Manage the information security budget in implementing the information security program.

Information Security Management: Oversee and direct information security activities to execute the information security program.
- Lead the Bank's IT security team: plan, organize, assign, supervise and monitor the work of team members.
- Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the Bank's information security policies.
- Ensure that services provided by other enterprises, including outsourced providers, are consistent with established information security policies.

Response Management: Establish and manage the capability to respond to and recover from disruptive and destructive information systems events.
- Design, elaborate and implement processes for detecting, identifying and analyzing security-related events.
- Develop response and recovery plans, including organizing, training and equipping teams.
- Ensure periodic testing of the response and recovery plans where appropriate.

Business Continuity and Disaster Recovery Plan Management: Design, elaborate, coordinate, maintain and supervise comprehensive Business Continuity and Disaster Recovery programmes, strategies, plans and procedures in order to help the Bank survive major interruptions of data processing services.
- Coordinate and manage activities related to the Business Continuity Plan (BCP), including the Disaster Recovery Plan (DRP).
- Coordinate the maintenance of the BCP/DRP documentation.
- Liaise with all resources that intervene in the Bank's BCP: Senior Management, Directors and Managers, Staff, Consultants, vendors and auditors.
- Any other duties reasonably requested by management.

Requirements:
- Master's degree in Computer Science, Information Technology or a related field.
- Desirable: Master's degree (MSc) in Information Security.
- Preferably five (5) years of relevant post-qualification experience, with at least three (3) years of demonstrated IT infrastructure implementation and management.
- Mixed managerial, analytical and technical skills, and knowledge of all aspects of computer security across multiple IT areas: database, development, network, operating systems, IT security, specific applications security, etc.
- Good understanding of, and skill in writing, computer systems security strategies, policies, principles, procedures and standards.
- Good technical knowledge and experience across multiple platforms and technologies: Windows, Unix, Linux, networking, applications concepts, databases; wide area networks; computer operations, Intranet/Internet, LAN/WAN connectivity, with good knowledge of firewalls, switches and routers (especially Cisco products).
- Good technical knowledge and experience in defining access and authorization controls within the Bank's critical applications: FLEX etc.
- Good technical knowledge and experience in Business Continuity Planning areas.
- Good knowledge of structured systems analysis techniques and practices, as well as strong analytical and problem-solving skills.
- Good knowledge of risk assessment processes.
- Good understanding of ISO 17799, ISO 22301, PCI DSS, and current legal and regulatory requirements relating to information security and privacy.
- Up-to-date knowledge of information security; industry certifications covering information security are an added advantage.
- Demonstrable experience with networks and systems involved in keeping an organization secure.
- Strong management and leadership skills and the ability to influence senior management are essential.
- Competence in the use of standard Microsoft Office applications (Word, Excel, Access and PowerPoint).
- Excellent written and verbal communication in English with a working knowledge of the language.

Only selected candidates will be contacted.
Interested candidates are invited to apply by 16 July 2017 at the link below: https://cv.bkt.com.al/candidate/job_search