Job description / Role
Operating in the UAE for over 50 years, CBD manages the financial requirements of some of the largest corporates and businesses operating in the country, driving the UAE economy. Over the years, CBD has transformed into a progressive and modern banking institution winning multiple awards for its digital initiatives, credit cards, bank accounts, mobile app features and services.
CBD has been recognized as the number one bank in the UAE on the Forbes list of The World's Best Banks 2022.
As we continue to build upon our successes, we are looking for ambitious individuals who are passionate about the banking and finance industry and the markets in which CBD operates. Just as important to us is your ability to demonstrate a talent for dealing with people - your colleagues and our customers - and delivering service that really goes the extra mile.
Primary responsibilities include but are not limited to
- Work primarily as part of the Security Monitoring and Incident Response Team, interacting with internal and external stakeholders
- Support and work closely with the Head of Technology Risk in the implementation of proactive security monitoring processes, identifying/suggesting measures for monitoring and building security metrics with respect to IT risks in all business functions.
- Act as technical support resource in a number of important Technology Risk activities, including Security Risk Assessments, Security Compliance Reviews and Independent Security Assessments
- Primarily manage and coordinate activities related to information security monitoring and incident response.
- Act as key resource in the security monitoring team, regularly reviewing security metrics, reports, dashboards and alerts.
- Good understanding of the SIEM, Cloud Solutions, Endpoint Security, Perimeter Security Email Security and Data loss prevention technologies such as Firewalls, IPS, NAC, WAF, Email Sandbox, Antivirus, EDR, DLP, Data classification and packet capture technology solutions.
- Splunk - Prior experience with Splunk Search and Reporting or Splunk Enterprise Security. Knowledge and experience creating searches, correlation rules and notables
- Knowledge and experience creating searches, correlation rules and notables in Microsoft Sentinel
- Manage a team of security specialists who does the security operation on daily basis.
- Making strategic decisions and providing leadership and direction to Security Specialists and Engineers.
- Ensure prompt response to security incidents, escalating high-severity items to Head of Technology Risk and Head of Operational Risk
- Ensure all the alerts from Digital and Social media reputation alerts are addressed on time and communicated internally
- Regular review and update of incident response management plan, processes and procedures.
- Perform security and architecture assessment and reviews, at different levels (i.e. network, IT assets, etc.) and ensure that identified risk is managed in accordance with the IT Risk Management program.
- Responsible for the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally - recognized security concepts tailored to meet CBD requirements and ensuring regular review of information security policies.
- Identify potential areas of vulnerability and risk; develop/implement corrective action and remediation plans.
- Contribute to the Security Awareness Program by assisting all initiatives related to awareness of Technology Risks and expected behavior changes within CBD.
- Assist the Unit in managing third parties and services providers, including preparation of RFP (Request for Proposals), definition of SoW (Scope of Work)
- Follow the internal CBD project management methodologies and standards, applying them to all engagements with third parties.
- Translate raw security events and incidents into meaningful business-relevant information, clearly highlighting the business impact and recommending remediation actions.
- Independently manage different technical assignments, involved in the evaluation and selection of third party vendors and solutions.
- Interact regularly with internal and external stakeholders, representing the Unit in different occasions.
- Support to achieve and maintaining compliance with applicable regulations and internal policies.
- Manage security technologies and products to support Technology Risk projects and initiatives and Core focus on driving cyber security vision and roadmap on organization strategies
- Prepare Security Architecture design documents i.e. HLD(High level Design) and LLD(Low level Design) for review and better understanding.
- Detailed understanding of security architecture / design best practices, processes, risk assessment, planning, project management, documentation and presentation in Cyber Security environment.
- Thorough understanding of the latest security principles, techniques, and protocols
- Oversee the operations of Information and Data security including business continuity, Threat hunting and intelligence
- Oversight, overlook execution of all required penetration tests, incident analysis and Forensic analysis, data loss analysis and other related investigations
- Monitor and ensure adherence to regulatory compliance, Central Bank requirements and audit, governing information security and industry best practices
- Work with security architects on providing active defense and proactive plans to enhance the security standards and posture
- Translate complex ideas at the intersection of Data Science, Analytics and Cyber Security Research to production ready features in our product
- Anticipate industry future directions and relate those changes to current and future Cyber and IT Security needs
- Identify security design gaps in existing security solutions and proposed architectures and recommend changes or enhancements.
- Ability to work independently and in a team environment with both the local and global information security teams, Compliance and Legal teams
- Conduct comprehensive risk assessments in order to identify all issues and track them via implementing risk management methodologies
- Have a strong engineering background with excellent understanding of complex architectures like Splunk, Azure and other Security solutions
- Perform security gap-analysis across projects, applications and vendors, documenting remediation plans.
- Perform daily log review in Splunk of all Security devices and Servers logs for availability and alerting if the devices are not reporting or not receiving the logs from these devices.
- Track record of thought leadership and a demonstrated focus on outcomes and impact
- Provide oversight of Cyber security solutions implementation including all activities, outputs, and outcomes related to project management and administration, including reporting, execution of project plans, and project performance
- Degree preferably in Computer Science
- Strong technical background in IT Security, Information Security and Risk Management.
- Security certifications required (CISSP\CISM\CRISC\SANS etc)
- Supporting Certifications CEH, Comptia Security+, RHCSA, CoBIT, CGEIT, ISO 27001
- Minimum 7 years as information security professional.
- IT Security and Information Security project management experience.
- Experience administering Information and IT security solutions and network devices.
- Sound knowledge of IT Security technologies/solutions, networking protocols, etc
- Able to interact effectively with all levels of a diverse team
- Skills in IT Governance, Risk Management (risk assessments) and Compliance
- Good communication and writing skills
- Excellent analytical & interpersonal skills
- Ability to efficiently acquire and utilize new skills in response to change
- Ability to manage multiple priorities
About the Company
In 1969, when we at Commercial Bank of Dubai started out little did we know that sheer grit and determination would get us where we are today. An Emiri Decree issued by His Highness the Late Sheikh Rashid Bin Saeed Al Maktoum, the founder of modern Dubai, laid the cornerstone of Commercial Bank of Dubai. We started out as a joint venture of Commerzbank, Chase Manhattan Bank and Commercial Bank of Kuwait. A minority stake was held by a few UAE businessmen.
By 1982, little more than a decade later, we evolved into a National Public Shareholding company. A feat complimented by an exponential increase in the capital base and mammoth restructuring of our operations. The feather in the cap came when the Government of Dubai became a key shareholder.
Over the decades, we have transformed ourselves into a progressive and modern banking institution. We are supported by a sturdy financial base and reigned by a strong and stable management. The proof of which lies with our customers who have stood by us over the years.
Get personalised updates on latest vacancies
Assistant Manager, Settlements - UAE National
Commercial Bank of Dubai (CBD)
Assistant Relationship Manager, Institutional Banking
Commercial Bank of Dubai (CBD)
Information Security Specialist
Senior Security Engineer
|Abu Dhabi||5 Sep|