We’re a leading financial institution, a key player in the Maltese market and part of a highly diversified multi-national group of companies. Employing a team of over 270 employees, the Bank offers a full range of lending and savings solutions to both personal and business customers. We strive to offer a highly personalised service through our network of twelve retail branches spread across the Maltese Islands.
We’re a team of inspired people who believe that opportunities start with a conversation.
Duties & Responsibilities
The Information Security Analyst will be responsible for monitoring the Bank’s systems and networks for security events, vulnerabilities and incidents, using various systems (e.g. SIEM), services and tools (e.g. vulnerability scanning and penetration testing). In addition, you will carry out security risk assessments of internal systems, networks and processes, and assess the security risks of third-party service provision.
You will be responsible for:
- analysing and responding to security threats from various security platforms and technologies;
- conducting research and evaluating technical and all-source cyber intelligence to develop in-depth assessments of threats to the organisation’s networks, systems, users, and data;
- serving as liaison and a point of contact for information security event reporting;
- creating technical assessments and cyber threat profiles of current events, based on innovative collection and research, to enable advanced threat intelligence;
- developing and maintaining analytical procedures to meet changing requirements and enable more strategic detections;
- staying abreast of innovative business and technology trends in IT security, risk and controls, and advising management on technology initiatives that support those trends;
- ensuring effective execution of the risk management framework by managing relationships with key stakeholders within strategic business groups and technology;
- verifying that information security risks are appropriately mitigated and leading multiple stakeholders in agreement on appropriate solutions/controls;
- identifying applicable regulatory risks arising from changes or additions to regulatory guidance and requirements;
- providing expertise for resolution and risk mitigation;
- championing information security within the Bank to provide security training, increase security awareness and/or discuss potential security issues and scenarios;
- developing, tracking, and reporting on Key Risk Indicators (KRIs) for information security;
- monitoring, tracking and reporting mitigation and resolution of information security risks;
- performing process-level walkthroughs, control testing, etc. for the identification and assessment of IT risks and controls;
- effectively communicating key risks, findings, and recommendations for improvement with key stakeholders; and
- performing any other ad hoc duties that may be assigned from time to time.
Competencies & Experience
The ideal candidate will:
- be fluent in English, with strong oral and written communication skills, to work effectively with employees at all levels of the organisation;
- be able to comfortably drive conversations with teams of varied backgrounds and purposes, such as all three lines of defence, service providers and senior management;
- be receptive to guidance provided from management and be able to effectively communicate results to management;
- be highly organised with an ability to prioritise and multi-task, as well as able to thrive in a fast-paced environment;
- possess excellent problem-solving skills and be highly productive, both when working alone and as part of a team;
- be detail-oriented and able to juggle multiple issues that may arise, both efficiently and effectively;
- be able to think outside the box to analyse security issues and possess a sound information security background;
- have a minimum of a Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a similar technical degree;
- have a minimum of 4 years’ experience in a general IT role, of which a minimum of 2 years is relevant professional experience in an Information Security function or department;
- have experience with Linux, Windows and network operating systems;
- possess practical expertise with EDR, SIEM and SOAR solutions;
- have experience with developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards;
- have experience in the design, implementation and assessment of good-practice security control frameworks such as the CIS Critical Security Controls, the OWASP Application Security Verification Standard and COBIT;
- have good programming and scripting skills (Python, Bash, PowerShell);
- have good knowledge of ISO27001 implementation, operation and management, security control audits and assessments, or other relevant standards and good practice in information security management;
- possess a good understanding of information risk management, common security risk scenarios, threats and vulnerabilities, and Governance, Risk & Compliance (GRC) practices and controls;
- ideally hold one or more of the following qualifications: CISSP, CISM, CISA, CRISC, ISO27001 Lead Implementer or ISO27001 Lead Auditor; and
- previous experience in a similar role in a financial services institution will be considered an asset.