Officer, IT Security (CSOC Analyst) at Stanbic IBTC

Job ID: 37366
Location: Lagos Island, Lagos
Job Sector: Information Technology and Services

Job Details

• Group Information Technology: systems development, business analysis, architecture, project management, data warehousing, infrastructure, maintenance and production.

Job Purpose

• Responsible for performing security monitoring and incident handling to ensure the Confidentiality, Integrity and Availability of information assets for the Standard Bank Group.

Key Responsibilities/Accountabilities
Engagement:

• Partner with relevant stakeholders to maintain and improve the security posture of Business and IT.
• Develop appropriate measures to understand the effectiveness of securing the bank through the availability of systems.

Service Delivery:

• Perform monitoring via the Security Information and Event Management (SIEM) tool as well as from external sources (e.g. telephone or email).
• Report on false positives and escalate those to the Lead Analyst for verification.
• Undertake incident analysis, tracking, recording, and response.
• Work with or assist other Cyber Security Incident Response Team (CSIRT) members in analysis activities.
• Report new attack types or suspicious activity to the Lead Analyst.
• Update the Case Management tools with evidence trails of all analysed incidents.
• Document results of incidents.
• Escalate and provide feedback on incidents as per Incident Handling Classification Standard and process.
• Provide support to Lead Analyst and coordinate activities in support of Incident Containment.
• Interact with the CSIRT team by assignment from Lead Analyst or Manager of Cyber Security Operations Centre.

Mitigation of Risk:

• Continuously report on incidents identified via the SIEM.
• Spot patterns across a number of systems to provide advanced warning on new threats.
• Have an in-depth knowledge of Stanbic IBTC’s policies, procedures, or overall IT environment. Adherence to all applicable Policies and Procedures is mandatory.

Reporting:

• Ad- hoc compilation and submission of M.I.S reports.
• Security incidents reporting

Internal & External Relationship
Information Technology:

• Impact the whole business unit

Internal Audit & Internal Control:

• Limited to their department only
• Description or examples: Click here to enter text.

Service Providers:

• Manage the relationship
• Description or examples: Engagement with IT Security Service providers to ensure best value for money

Preferred Qualification and Experience
Qualifications:

• First Degree IT and Computer Sciences
• MCSE / CISA / CISM / CISSP etc would be beneficial

Experience:

• 3-4 Years experience in Configuration, optimization and security monitoring of incident handling to ensure the confidentiality, integrity and availability of information assets
• 1-2 Years Experience in TCP/IP, HTTP, network access controls, security principles
• Proven ability in the incident management and software development lifecycles

Knowledge/Technical Skills/Expertise:

• Understanding of the CSOC and CSIRT objectives and requirements.
• Working knowledge of the IT and IT Security field including TCP/IP, HTTP, encryption, network access controls, intrusion detection and prevention systems.
• Working knowledge of relevant Operating Systems.
• Demonstrate knowledge of standards associated with the role, e.g. ISO, CobiT, ITIL.
• Understanding of incident management and case management technologies (ticketing systems).