BRAC Bank Limited has published a job circular the name of the post Manager – Software Security & Risks, Information Security Department on Jul 13,2019.They have been total vacanay No.N/A.BRAC Bank Limited is an equal chance and welcome applications from male candidate.Applying will be on Jul 20, 2019
Post Tittle:Manager – Software Security & Risks, Information Security Department
Application Deadline: Jul 20, 2019
Job Responsibilities :
- Be part of the digital road map and responsible for ensuring security into the development/acquisition of applications/integration/FinTech initiatives. Work closely in technology projects to threat model, vulnerability scan, and pen test the software, system and identify required control points in the application stack. Also to diagnose, document, and remediate application and database security vulnerabilities.
- Secure code review and ensure Database security. Provides 360 risk assessments and cyber security briefings and advises of critical issues that may affect cyber security objectives. Identifies potential areas where existing information security policies and procedures require change, or where new ones need to be developed, especially regarding new applications and architectures. Conduct technical in-depth security analysis of systems to identify gaps and find remediation. Recommends, integrates and maintains security tool sets.
- Identification, assessment, mitigation, monitoring, governance, and reporting of software vulnerability throughout IT and large-scale development programs such as Digital Transformation.
- Ensure proper technology risk considerations are addressed at each phase of the system development life cycle (SDLC) and provide proactive solutions to correct exposures or mitigate risk.
- Evaluates and recommends cyber security solutions, and/or procedures to enhance productivity and effectiveness. Maintains awareness of cyber trends, threats, and vulnerabilities. Other tasks and responsibilities as assigned.
- BSc/MSc degree in Information Security, Cyber Security, Computer Science or related fields is required.
- 5 to 8 year(s)
- Minimum 5 years of Working experience in Information Security as primary responsibility or minimum 8 years IT experience with Application as a primary responsibility and strong Application/Database security focus as a secondary job duty required.
- Knowledge and experience with application and Database vulnerability assessment and remediation. Some knowledge and developer experience with programming languages, such as C#, Java.
- Knowledge and experience with NIST, OWASP desired. Experience on implementing/managing security programs and controls. Knowledge of various security methodologies and processes, and technical security solutions. The candidate must be familiar with security principles and concepts.
- Drive innovation by analyzing and interpreting data to test and inform a new initiative or approach. Accountable for successful completion of multiple, individual projects simultaneously. Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.
- Manage change and demonstrate adaptability by embracing change and adjusting priorities or processes and approach as needs dictate. Take responsibility for successes and failures related to individual and team-based project work assignments; actively presents suggestions for solution(s), if objectives not met.
- Professional industry certifications and experience in Application Security and Database security is recommended. CASE/CASS/GWEB, CPEH/CEH, GWAPT/ LPT/CSXP and OCP is expected. CISM/CISSP/ CSSLP would be an advantage.