Job Description :
Information Security is a critical IT Risk Management activity that is regulated by the Government and is mandated by Corporate and Sector policy. The ICG Information Security Program Analyst will be responsible for ensuring effective ongoing program governance, reporting, and escalation for the scheduling component on the vulnerability assessment (VA) program. This role will work with the business-embedded Global Information Security Officers and Application Managers to meet on-going program milestones. This role will also assist with identifying opportunities for process improvements.
Key Responsibilities
• Manage the issue VA scheduling component for approximately 600 applications in VA scope for compliance with the System Security Testing Standards (SSTS) by analyzing and reviewing the monthly and Weekly Metrics report, as well as, systems notifications to determine applications which requires a test to be scheduled, test report to be issued, systems updates required or any other areas requiring attention.
• Engage the application managers and ISOs to take the appropriate action.
• Manage testing issues through notification from the Archer system or through emails to ensure that testing progresses and are not cancelled or rescheduled.
• Create weekly and monthly report to communicate to the ICG senior management, application managers and ISOs the current status of scheduling issues and action required.
• Liaise with ICG Application Managers and ISOs to ensure that test scheduling information is appropriately reflected in the system.
• Escalate VA scheduling issues and any perceived risks to senior management where appropriate.
• Provide periodic SBT status reports to ICG IS management and ICG IS SSDLC Program Manager.
• Create and maintain the ICG bi-weekly late scheduling report.
• Provide input into the Global Information Security Monthly Report (GISMR) to Executive Management regarding VA Scheduling status, as appropriate.
• Recommend new / revised Key Risk Indicators and Key Performance Indicators for VA Scheduling, as appropriate.
• Manage VA Scheduling within the defined KRI/KPI threshold to maintain green status. Accurately update management of metrics threshold status.
• Actively participate in VA Scheduling discussions across the firm.
Knowledge/Experience/Skills:
• A confident, dynamic individual capable of working with both technology and business contacts in a constantly evolving environment.
• Undergraduate degree required.
• Good Project Management skills/working knowledge of the techniques for planning, monitoring and controlling programs and resources.
• Experience in both project/program management or information security.
• Customer-oriented, resourceful and enthusiastic.
• Experience in the banking industry.
• Excellent interpersonal, written and verbal communication skills.
• Analytical and problem solving skills with the ability to present data in a format that facilitates senior management decision making.
• Adept at multitasking.
• Ability to work independently with a virtual team. Comfortable working as part of global team across multiple countries, cultures and time-zones.
• Good time management skills with the ability to remain calm under pressure and meet deadlines.
• Good organizational skills, ability to work under pressure and prioritize within deadlines while maintaining total accuracy.
• Ability to work in a matrix environment and partner with virtual teams.
• Ability to work as part of a team, and also independently under own supervision.
• High level of attention to detail.
• Quick learner and ability to work in a diverse, global environment.
• Microsoft Office skills required.
• Self-motivated and demonstrate high level of drive, energy and initiative.
• Good knowledge of Microsoft Office with Excel, and Outlook skills.
Source link