Banka Amerikane e Investimeve - ABI Bank
15.01.2015, 09:20
Ref Job number: #001 ISO#
Job Title: Information Security Officer
Location: Tirana
Division: Information Security Sector
Closing Date: 28/01/2015
Credit Agricole Albania Bank S.A., Crédit Agricole Group, a market leader in universal customer-focused banking in France and one of the largest banks in Europe seeks to serve the real economy by supporting its clients’ projects in all areas of retail banking and associated specialized business lines.
Emphasizing its values and its commitment, we are the bank of common sense. It puts the satisfaction and the interests of its 54 million customers, 160,000 employees, 1.2 million shareholders and 6.5 million mutual shareholders, at the heart of its activities.
We are seeking to recruit: Information Security Officer
Direct Reports to: Chief Operations Officer
Job Purpose: Protect Information Systems of the Bank from both internal and external threats, ensuring continuity and development of Bank activities.
Main Responsibilities:
· Formalize the ISS governance system
· Publish and communicate the system
· Formalize how the governance system should be implemented
· Coordinate the ISS decision-making body
· Share information with all agents involved in the ISS governance
· Put in place a system of information sharing for the various ISS agents
· Relay information between correspondents (in management and subsidiaries)
· Represent your Bank in the Group (or parent company) bodies related to IS (workgroups, committees, etc.)
· Contribute to the internal control report
· Manage the treatment of requests coming from the Group (or the parent company)
· Collect information on ISS controls in your company
· Prepare a summary of this information for the internal control report
· Submit the report to management and to other bodies
· Establish an Annual Action Plan
· Perform a complete inventory of Group and Bank factors that will influence the action plan
· For each new action, work jointly with key players to set out a rough plan for one or several projects, with price indexes, phases and the likely project owners
· Suggest priorities for each project and, to facilitate decision-making, prepare a summary that clearly states the risks associated with the choice of priorities
· In parallel, prepare the recurring action plan with the corresponding operational budget
· Organize the decision-making committee and plan a meeting to make decisions necessary for projects, validation of the recurring action plan and official designation of project owners
· Keep watch over potential new threats and risks.
· Use monitoring tools and sources (threat trends and security strategies) and prepare reports
· Evaluate and report on the level of information systems risk control
· Deliver integral reports on the bank level for resistance to defined risk scenarios
· Prepare an adequacy analysis of the IT security level provided for processes designated by the operational risk units
· Prepare a report summarizing the degree to which security policies have been applied
· Prepare a report summarizing losses linked to IS incidents
· Alert the proper bodies if the risk cannot be contained
· Detect risks that surpass the containment capacity of the Bank
· Inform and alert, depending on the case, the necessary bodies and intermediaries
· Adapt existing regulations to the regulatory constraints and business context specific to our Bank
· Set the terms for applying policies and promote defined regulations
· Establish an annual control plan
· Define the perimeter, objectives and modalities for ISS controls.
· Obtain results for all controls to be reported to your level, as outlined by the control plan
· Perform all controls that fall under your responsibility
· Provide or relay all relevant control results for the reporting and dashboards required by local or central management
· For anomalies detected by controls, activate alerts and coordinate the preparation of action plans
· Ensure high-quality risk analysis
· Implement and communicate the MESARI method of risk analysis
· Evaluate the Group level (2.2c) control indicator for security in the acquisition, development and maintenance of IS
· Personally or by way of a “risk control” agent, verify the objectivity of risk analyses, especially in matters of describing residual risk linked to the installation of new systems
· Ensure the proper handling of incidents
· Define the modalities and criteria by which you will be informed of incidents, and define your role in handling them
· Verify the existence of operational procedures for the management of serious incidents and crises, especially for vital infrastructure
· When involved in handling an incident, supervise the necessary procedures and, if necessary, help lead crisis management
· Following the resolution of an incident that you worked on, contribute to follow-up on the action plan and the evaluation of losses
· Advice and assist project owners and project managers
· Make known to project owners your role in providing assistance
· Provide requested assistance or proactively offer assistance when necessary
· Train and raise awareness
· Categories information sources that can be useful in raising awareness
· Identify the key players, the means of raising awareness, and training programs adapted to the target groups
· Emphasize awareness campaigns in your own action plans and in those of your partners
· Communicate security decisions and important events to committees and during meetings
Fraud Prevention/ Liaisons’ Responsibilities:
To coordinate and monitor within the Information Security Sector the implementation of the Anti-Fraud Program provided by Fraud Prevention designated bodies; report timely to the Fraud Prevention the Anti-Fraud Program deployment stage.
Based on the Anti-Fraud Program provided by Fraud Prevention designated bodies assume additional responsibilities and prepare the detailed Action Plan for fulfillment of the Anti-Fraud Program
In collaboration with Fraud Prevention, review and evaluate the existing procedures, controls, systems, that could be affected by Internal/ External Fraud.
Responsible for preventing, detecting and reporting fraud cases that occur in his/her sector & documenting in detail this reporting.
Work with the Fraud Prevention to evaluate and recommend the need for new fraud detection systems including the development of the existing ones.
Follow up the implementation of instruction/suggestions issued by Fraud Prevention and report accordingly.
Establish an effective communications system to keep the staff under responsibility informed on instructions and guidelines provided by Fraud Prevention.
The ideal Candidate should have:
· Good analytical and problem-solving skills
· Good investigation skills
· Good written and oral communication skills
· Ability to multi-task in a fast-paced environment
· Ability to work independently.
· Must be able to prioritize and meet deadlines.
Criteria to be fulfilled:
- University degree in Computer Science, Electronic Engineering, or related fields.
- Five years working experience in IT positions, including data and computer security.
- Extensive experience with Windows Operating Systems.
- Experience as a system administrator in Windows networks.
- Experience in networking protocols (LAN/WAN), firewalls, encryption techniques, virus detection and intrusion detection, prevention systems.
- Good knowledge of network devices, Internet services, E-Mail servers, Web servers.
- Good knowledge of programming languages.
- Good knowledge of Database systems.
- English (written/oral).
How to apply:
Strong motivated candidates looking for a dynamic job and professional team are welcomed to apply by following these steps:
1. Properly fill our standard application form available to be downloaded. We kindly advise to carefully fill all required info and obligatory fields. For downloading the application form, please click here (http://www.credit-agricole.al/wp-content/uploads/2015/01/Job-Application2.doc).
2. Submit the completed application form by sending it only through this e-mail address jobapplication@credit-agricole.al (jobapplication@credit-agricole.al)
3. In the e-mail subject please specify clearly the position reference number.
Please note that only shortlisted candidates will be further contacted from our HR specialists.
Publication date: 14/01/2015
Job Title: Information Security Officer
Location: Tirana
Division: Information Security Sector
Closing Date: 28/01/2015
Credit Agricole Albania Bank S.A., Crédit Agricole Group, a market leader in universal customer-focused banking in France and one of the largest banks in Europe seeks to serve the real economy by supporting its clients’ projects in all areas of retail banking and associated specialized business lines.
Emphasizing its values and its commitment, we are the bank of common sense. It puts the satisfaction and the interests of its 54 million customers, 160,000 employees, 1.2 million shareholders and 6.5 million mutual shareholders, at the heart of its activities.
We are seeking to recruit: Information Security Officer
Direct Reports to: Chief Operations Officer
Job Purpose: Protect Information Systems of the Bank from both internal and external threats, ensuring continuity and development of Bank activities.
Main Responsibilities:
· Formalize the ISS governance system
· Publish and communicate the system
· Formalize how the governance system should be implemented
· Coordinate the ISS decision-making body
· Share information with all agents involved in the ISS governance
· Put in place a system of information sharing for the various ISS agents
· Relay information between correspondents (in management and subsidiaries)
· Represent your Bank in the Group (or parent company) bodies related to IS (workgroups, committees, etc.)
· Contribute to the internal control report
· Manage the treatment of requests coming from the Group (or the parent company)
· Collect information on ISS controls in your company
· Prepare a summary of this information for the internal control report
· Submit the report to management and to other bodies
· Establish an Annual Action Plan
· Perform a complete inventory of Group and Bank factors that will influence the action plan
· For each new action, work jointly with key players to set out a rough plan for one or several projects, with price indexes, phases and the likely project owners
· Suggest priorities for each project and, to facilitate decision-making, prepare a summary that clearly states the risks associated with the choice of priorities
· In parallel, prepare the recurring action plan with the corresponding operational budget
· Organize the decision-making committee and plan a meeting to make decisions necessary for projects, validation of the recurring action plan and official designation of project owners
· Keep watch over potential new threats and risks.
· Use monitoring tools and sources (threat trends and security strategies) and prepare reports
· Evaluate and report on the level of information systems risk control
· Deliver integral reports on the bank level for resistance to defined risk scenarios
· Prepare an adequacy analysis of the IT security level provided for processes designated by the operational risk units
· Prepare a report summarizing the degree to which security policies have been applied
· Prepare a report summarizing losses linked to IS incidents
· Alert the proper bodies if the risk cannot be contained
· Detect risks that surpass the containment capacity of the Bank
· Inform and alert, depending on the case, the necessary bodies and intermediaries
· Adapt existing regulations to the regulatory constraints and business context specific to our Bank
· Set the terms for applying policies and promote defined regulations
· Establish an annual control plan
· Define the perimeter, objectives and modalities for ISS controls.
· Obtain results for all controls to be reported to your level, as outlined by the control plan
· Perform all controls that fall under your responsibility
· Provide or relay all relevant control results for the reporting and dashboards required by local or central management
· For anomalies detected by controls, activate alerts and coordinate the preparation of action plans
· Ensure high-quality risk analysis
· Implement and communicate the MESARI method of risk analysis
· Evaluate the Group level (2.2c) control indicator for security in the acquisition, development and maintenance of IS
· Personally or by way of a “risk control” agent, verify the objectivity of risk analyses, especially in matters of describing residual risk linked to the installation of new systems
· Ensure the proper handling of incidents
· Define the modalities and criteria by which you will be informed of incidents, and define your role in handling them
· Verify the existence of operational procedures for the management of serious incidents and crises, especially for vital infrastructure
· When involved in handling an incident, supervise the necessary procedures and, if necessary, help lead crisis management
· Following the resolution of an incident that you worked on, contribute to follow-up on the action plan and the evaluation of losses
· Advice and assist project owners and project managers
· Make known to project owners your role in providing assistance
· Provide requested assistance or proactively offer assistance when necessary
· Train and raise awareness
· Categories information sources that can be useful in raising awareness
· Identify the key players, the means of raising awareness, and training programs adapted to the target groups
· Emphasize awareness campaigns in your own action plans and in those of your partners
· Communicate security decisions and important events to committees and during meetings
Fraud Prevention/ Liaisons’ Responsibilities:
To coordinate and monitor within the Information Security Sector the implementation of the Anti-Fraud Program provided by Fraud Prevention designated bodies; report timely to the Fraud Prevention the Anti-Fraud Program deployment stage.
Based on the Anti-Fraud Program provided by Fraud Prevention designated bodies assume additional responsibilities and prepare the detailed Action Plan for fulfillment of the Anti-Fraud Program
In collaboration with Fraud Prevention, review and evaluate the existing procedures, controls, systems, that could be affected by Internal/ External Fraud.
Responsible for preventing, detecting and reporting fraud cases that occur in his/her sector & documenting in detail this reporting.
Work with the Fraud Prevention to evaluate and recommend the need for new fraud detection systems including the development of the existing ones.
Follow up the implementation of instruction/suggestions issued by Fraud Prevention and report accordingly.
Establish an effective communications system to keep the staff under responsibility informed on instructions and guidelines provided by Fraud Prevention.
The ideal Candidate should have:
· Good analytical and problem-solving skills
· Good investigation skills
· Good written and oral communication skills
· Ability to multi-task in a fast-paced environment
· Ability to work independently.
· Must be able to prioritize and meet deadlines.
Criteria to be fulfilled:
- University degree in Computer Science, Electronic Engineering, or related fields.
- Five years working experience in IT positions, including data and computer security.
- Extensive experience with Windows Operating Systems.
- Experience as a system administrator in Windows networks.
- Experience in networking protocols (LAN/WAN), firewalls, encryption techniques, virus detection and intrusion detection, prevention systems.
- Good knowledge of network devices, Internet services, E-Mail servers, Web servers.
- Good knowledge of programming languages.
- Good knowledge of Database systems.
- English (written/oral).
How to apply:
Strong motivated candidates looking for a dynamic job and professional team are welcomed to apply by following these steps:
1. Properly fill our standard application form available to be downloaded. We kindly advise to carefully fill all required info and obligatory fields. For downloading the application form, please click here (http://www.credit-agricole.al/wp-content/uploads/2015/01/Job-Application2.doc).
2. Submit the completed application form by sending it only through this e-mail address jobapplication@credit-agricole.al (jobapplication@credit-agricole.al)
3. In the e-mail subject please specify clearly the position reference number.
Please note that only shortlisted candidates will be further contacted from our HR specialists.
Publication date: 14/01/2015