Information Security Officer

Malta
IT/Telecoms



Sorry, this advert is now closed.

A leading Investment Bank is looking for an Information Security Officer to join their risk management department. You will perform risk (including security risk) assessments on new ICT systems and/or technology vendors proposed for purchase/use by the Bank. The ideal candidate will have a bachelor’s degree in Computer Science or Information Security together with industry standard certification in information security, such as CISSP, CISM, CRISC, CISO. If you feel you have the necessary skills and experience, then GRS look forward to receiving your CV for this Malta based Information Security Officer role.
  • Keep up to date with the latest vulnerabilities and threats
  • Keep up to date with developments in ICT guidelines and regulations such as DORA, being well-informed of regulatory requirements (EBA, CBM, MFSA, GDPR) and standards (ISO27001, PCI DSS) around ICT Security
  • Perform risk (including security risk) assessments on new ICT systems and/or technology vendors proposed for purchase/use by the Bank
  • Develop or source information security training for employees and Board of Directors on an annual basis
  • Review the threat and vulnerabilities monitoring program and the rules generating alerts for investigation set up by the 1LOD
  • Review and challenge the comprehensive IT Framework of the Bank. Ensure that the ICT risk framework is reviewed at least annually and is approved by the Board. Perform ICT framework control tests and policy adherence checks, across the Bank
  • Develop and maintain an information security work-program for the Bank’s 2LOD based on regulatory changes, security landscape changes, Regulator feedback, audit findings and feedback from other members of Management
  • Ensure that a regular review of employee access rights to verify alignment with job responsibilities is being performed by 1LOD or as applicable
  • Have sight of the changes made to the Bank's network and systems as a result of Patch Management, Change Management and updates to user access rights changes and system change request forms
  • Review and update the Bank’s Incident Management and Reporting Policy whenever needed
  • Review and challenge the IT Risk register and test the controls contained in the said register, ensuring that the 1LOD keep it updated
  • Participate in regulatory interviews and questionnaires concerning IT Security
  • Have sight over the Bank's responses to potential cybersecurity breaches, data breaches, and financial crime attempts or incidents
  • Analyze the results of internal and external vulnerability scans, health checks and penetration tests of the Bank’s hardware and software infrastructure and review the mitigation measures proposed by the 1LOD
  • Independently ensure that any remedial actions proposed by the 1LOD in response to findings from audits, penetration tests and Regulatory inspections have been implemented in the agreed upon timeframes
  • Review and challenge the Bank’s annual Target2 attestation
  • Monitor adherence to the Bank’s Risk Appetite for ICT risks
  • Participate in discussions concerning the acceptable level of IT Security Risk and enforcing it throughout the Bank
  • Prepare a detailed report on ICT Risk oversight performed, to be provided by the Risk Manager to the Board of Directors, on a quarterly basis. 
  • Create and maintain the Fraud-risk typology register after an in-depth analysis of the entire Bank’s processes, as applicable
  • Maintain (in a co-ordination role NOT ownership role) the BCP and the DRP documents of the Bank
  • Analyze risk factors and potential impact resulting from business disruptions as part of the BCP and DRP plans, from a total risk perspective
  • Ensure that the 1LOD both (i) test the BCP and DRP plans on a regular basis and (ii) document the testing carried out in a manner which facilitates oversight by the control functions
  • Challenge the plans and oversee the testing thereof independently
  • Organize crisis/incident management drills to test the Bank’s preparedness to respond to various BCP/DRP scenarios.
  • Liaise with the Bank’s DPO in relation to incidents flagged to the Risk Function, and maintain the relevant internal log of data breaches as applicable
  • Maintain the Outsourcing Register, with direct input from the departments responsible for outsourced arrangements
  • Assist and provide guidance in relation to the risk assessments required for each outsourcing arrangement, prior to the signing of the outsourcing contract and as part of on-going reviews of the service provider
  • Perform any other duties required to fulfill the responsibilities of the Bank’s Outsourcing function.
  • Industry standard certification in information security, such as CISSP, CISM, CRISC, CISO or acquisition in one year from recruitment
  • Bachelor’s degree in Computer Science or Information Security
  • Strong knowledge of IT infrastructure, networking principles and application security
  • Keen interest in remaining up to date with developments in IT security and risk management, and professional experience in these fields
  • Critical thinking skills, excellent analytical and reporting capabilities
  • Strong command of verbal and written English
  • Competitive salary package, including annual performance bonus
  • On-the-job training will be provided
  • Opportunity to work in a great team environment which supports teamwork and personal development
  • Group health insurance
  • Employee savings plan
  • Flexible working hours
  • Free parking
Due to the high volume of applications we receive at GRS Recruitment, only shortlisted candidates will be responded to.
To apply for this position, please email your CV to Laura Constantinou, quoting the above job reference or call +356 2778 0664 for further information.
Job Summary
  • 7 November 2022
  • 4420