Cybersecurity Access Control Governance and Auditing

•       Create and maintain comprehensive access control policies that define the principles, rules, and guidelines for granting and managing digital access.

•       Implement access framework for assigning access based on roles, responsibilities, and job functions, ensuring proper segregation of duties.

•       Define and maintain role-based access structures that align with business processes and security requirements.

•       Ensure access control policies align with industry regulations and STC Bank security objectives.

•       Coordinating with third-party vendors and service providers to ensure that access controls are implemented based on STC Bank policy.

•       Understands how to analyze access control lists to gain an understanding of software behaviors and interactions.

•       Maintain detailed records of access activities and changes to access rights for accountability and forensic purposes.

•       Generate comprehensive reports on access reviews, audits, and compliance status for stakeholders and regulatory requirements.

•       Monitoring and maintaining compliance with regulatory requirements related to access review and audit, such as PCI.

•       Implementing policies for granting temporary access to systems and applications for users who need it for a specific period.

•       Maintain and auditing a centralized inventory of all accounts and access privileges across STC Bank including third-party accounts.

•       Maintain and auditing g with other departments or teams to manage third-party access, such as vendors or contractors who need to access STC bank’s systems or applications.

•       Collaborate with departments to ensure access certifications are performed.

•       Preform gap analysis to identify areas where access controls need to be strengthened.

•       Stay up to date with emerging threats, vulnerabilities, and technologies related to access review and audit, and identifying opportunities to adopt new tools or methodologies to improve STC Bank’s overall security posture.

Framework Alignment:

•       NCA Scywf –K3505,S0005, T0100,T0114,T3508,T4025,T4027

•       SAMA cybersecurity Framework – 3.3.5 Identity and Access Management.

•       SAMA cybersecurity Framework – 3.4.1 Contract and Vendor Management

Requirements

•  Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Master’s Degree in Cybersecurity, Information Security, or a related discipline (preferred).
• Minimum of 5-7 years of experience in cybersecurity with a focus on access control, governance, and auditing.

Last updated on May 22, 2024