<p>Our client is a leading financial institution and a key player in the Maltese market, operating as part of a highly diversified multinational group of companies. With a team of over 270 employees, the Bank offers a comprehensive range of lending and savings solutions to both personal and business customers. Through a network of thirteen retail branches spread across the Maltese Islands, our client takes pride in offering highly personalized service. They are a team of inspired individuals who believe that opportunities begin with a conversation.</p><h3>Duties & Responsibilities</h3><p>Our client is seeking an Information Security Analyst to monitor the Bank’s systems and networks for security events, vulnerabilities, and incidents through various systems (e.g., SIEM), services, and tools (e.g., vulnerability scanning and penetration testing). The role will also involve conducting security risk assessments of internal systems, networks, and processes, as well as evaluating security risks in third-party service provision.</p><p><strong>Key responsibilities include:</strong></p><ul><li>Analyzing and responding to security threats from various security platforms and technologies.</li><li>Conducting research and evaluating technical and all-source cyber intelligence to develop in-depth assessments of threats to the organisation’s networks, systems, users, and data.</li><li>Serving as a liaison and point of contact for information security event reporting.</li><li>Creating technical assessments and cyber threat profiles based on inventive collection and research to enable advanced threat intelligence.</li><li>Developing and maintaining analytical procedures to meet changing requirements and enable more strategic threat detection.</li><li>Staying up to date with innovative business and technology trends in IT security, risk, and controls while advising management on technology initiatives that support these trends.</li><li>Ensuring effective execution of the risk 
management framework by managing relationships with key stakeholders within strategic business groups and technology.</li><li>Verifying that information security risks are appropriately mitigated, leading multiple stakeholders in agreement on suitable solutions/controls.</li><li>Identifying applicable regulatory risks from changes or additions to regulatory guidance and requirements.</li><li>Providing expertise for resolution and risk mitigation.</li><li>Championing information security within the Bank by providing security training, increasing security awareness, and discussing potential security issues and scenarios.</li><li>Developing, tracking, and reporting on Key Risk Indicators (KRIs) for information security.</li><li>Monitoring, tracking, and reporting mitigation and resolution of information security risks.</li><li>Performing process-level walkthroughs, control testing, and identifying IT risks and controls.</li><li>Effectively communicating key risks, findings, and recommendations for improvement with key stakeholders.</li><li>Performing any other ad hoc duties as assigned.</li></ul><h3>Competencies & Experience</h3><p>The ideal candidate will:</p><ul><li>Be fluent in English, with strong oral and written communication skills to effectively work with employees at all levels of the organisation.</li><li>Be comfortable driving conversations with diverse teams, including engaging with all three lines of defense, service providers, and senior management.</li><li>Be receptive to management guidance and able to effectively communicate results to management.</li><li>Be highly organized with an ability to prioritize, multi-task, and thrive in a fast-paced environment.</li><li>Possess excellent problem-solving skills, with the ability to work both independently and as part of a team.</li><li>Be detail-oriented and able to manage multiple issues efficiently and effectively.</li><li>Have a strong analytical mindset and a solid background in information 
security.</li><li>Hold a minimum of a Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a related technical field.</li><li>Have a minimum of 4 years of experience in a general IT profession, with at least 2 years in an Information Security function or department.</li><li>Have experience with Linux, Windows, and Network Operating Systems.</li><li>Possess practical expertise with EDR, SIEM, and SOAR solutions.</li><li>Have experience developing security policies, standards, and guidelines in alignment with ISO27001 and EU security policies and standards.</li><li>Be familiar with the design, implementation, and assessment of security control frameworks such as CIS Critical Security Controls, OWASP Application Security Verification Standard, and COBIT.</li><li>Be proficient in programming and scripting (Python, Bash, PowerShell).</li><li>Have solid knowledge of ISO27001 implementation, operation, and management, as well as security control audits and assessments.</li><li>Understand information risk management, common security risk scenarios, threats and vulnerabilities, and GRC (Governance, Risk & Compliance) practices.</li><li>Possess one or more of the following qualifications (CISSP, CISM, CISA, CRISC, ISO27001 Lead Implementer, ISO27001 Lead Auditor).</li><li>Previous experience in a similar role within a financial services institution will be considered an asset.</li></ul>
Last updated on Oct 9, 2024