Cyber Security Assurance Analyst at NCBA Group

Job Purpose Statement

The role involves providing technology security assurance to ensure that existing and new systems, services, and products meet security compliance thresholds. The analyst will work closely with IT teams to ensure systems meet the bank’s security requirements and best practices.

Key Accountabilities (Duties and Responsibilities)

Security Assessments for New Projects/Changes (70%):

• Review and recommend secure configurations for servers, workstations, and network devices.
• Conduct security assessments and reviews on new systems and products to ensure compliance with the bank’s security standards.
• Communicate security controls to IT teams and validate remediation actions.
• Participate in planning, design, and execution of the cyber security assurance plan.

Development (20%):

• Support the establishment of program control processes for cyber risk mitigation.
• Participate in technical solution design for new systems, ensuring security requirements are defined.
• Contribute to the creation and improvement of enterprise security policies, standards, baselines, guidelines, and procedures.

Change Management (10%):

• Participate in security assessments and testing reports as part of the Change Management approval process.

Job Specifications

Ideal Job Specifications:

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or related field.
• 2-5 years of experience in IT security, with at least 2 years in a busy IT security environment.
• Knowledge of secure configuration and change management practices.
• Working knowledge of databases, operating systems, and web applications.
• Certifications such as CEH, CISA, CISM, or CISSP.
• Experience with vulnerability assessment and penetration testing tools.
• Knowledge of IT systems security hardening practices.
• Experience in financial services is an advantage.

Technical Competencies:

• Effective IT security management skills.
• Knowledge of information security domains.
• Understanding of vulnerability and risk assessments.
• Knowledge of system security controls on multiple operating systems (Windows, Linux).
• Understanding of common TCP/IP-based services (DNS, DHCP, HTTP, FTP, SSH, SMTP).
• Application of modern IT security management practices in financial services.
• Performance management skills.
• Knowledge of banking policies, processes, procedures, and guidelines.

Behavioural Competencies:

• Interpersonal skills for effective communication and expectation management.
• Self-empowerment for open communication, teamwork, and trust.
• Demonstrable integrity and ethical practices.