1.Manage & operate the vulnerability scanning and application scanning tools and ensure that it is properly functioning all the time.

2.Coordinate with the respective stakeholders to conduct regular network scans (active and/or passive) to identify security gaps and vulnerabilities across all the bank’s critical assets.

3.Run scheduled vulnerability scans using the provided tools and identify areas of vulnerability that need remediation to ensure on-going remediation of vulnerabilities on CIB’s technology environment across its different layers.

4.Communicate with the respective stakeholders within IT group to ensure remediation of the open gaps/vulnerabilities within the identified periods based on criticality.

5.Report exceptions on the vulnerability remediation activities for further escalation to ensure proper closure, and ensure reporting outstanding vulnerabilities to information security management team for initial risk assessment and reporting to Security & Technology Risk Management.

6.Maintain a tracking mechanism for all vulnerability management related issues, and other security assessments, testing and validations in a structured mechanism to ensure regular reporting and tracking of action items until closure.

7.Ensure conducted vulnerability and baseline scans as part of new server provisioning cycle, CBE alerts validations.

8.Liaise with Security Operations Center team to ensure conducting vulnerability scans based on threat intelligence/threat hunting reports

9.Ensure conducting the required vulnerability scans for annual compliance with SWIFT and CBE regulations and other regulations / mandates as applicable.

10.Maintain all needed documentation supporting Security Vulnerability Management, to ensure on-going tracking and documentation.

11.Monitor the developed compliance use cases to support the different security controls and compliance requirements and communicate violations to the relevant teams.

12.Directing threat modelling activities to identify potential security vulnerabilities and implementing approaches to address them

Qualifications & Experience

oBachelor’s degree of Engineering, Computer Science, Information Security or equivalent.

oOfficer: Minimum 3 - 6 years of experience in IT Security, Risk or Compliance

oSenior Officer: Minimum 5-7 years of experience in IT Security, Risk or Compliance

Recommended Certifications

oCertified PCI-DSS Professional

oEC Council – CEH

Skills

oGood command of English and Arabic language

oGood Communication skills

oGood Analytical skills

oGood Time management

oGood Teamwork Spirit