|Date Posted:||Jul 17, 2021|
|Closing Date:||Aug 1, 2021|
|Work Type:||Full Time|
|Number of Vacancies:||1|
|Functional Area:||Information Technology|
|Salary Range:||As per company salary scaleAF|
|Years of Experience:||3 - 5 Years|
|Contract Duration:||Not specified|
|Possibility of Contract Extension:||No|
|Probation Period:||3 months|
The First Microfinance Bank - Afghanistan
Founded in 2004, The First Microfinance Bank - Afghanistan (FMFB-A) is part of the Aga Khan Agency for Microfinance (AKAM), which has programmes in over 10 countries throughout the developing world. FMFB-A's vision is to be recognized as the leading microfinance services provider contributing to poverty alleviation and economic development through the provision of sustainable financial services primarily targeting micro/small businesses and households. The bank provides credit and deposit products to a wide range of clients including micro, small and medium enterprises along with commercial banking and international remittance services.
The bank is also a member of the Global Alliance for Banking on Values (GABV) - an independent network of banks using finance to deliver sustainable economic, social and environmental development. Our values-based banking agenda focuses on providing affordable financial services that promote entrepreneurship, agriculture, incremental housing and clean energy in Afghanistan.
With nearly 1,500 employees (20% women), FMFB-A operates in 14 provinces of Afghanistan through 39 branches (including one women-only branch). The number of FMFB-A clients across the 14 provinces is about 197,000 (23% women), in both rural and urban areas. FMFB-A's outstanding loan and deposit values are over AFN 4.5 billion and AFN 7.6 billion, respectively.
The incumbent of the position is responsible for developing and implementing an enterprise-level information security program and an IT security risk-based program to ensure that the integrity, confidentiality and availability of systems and information are controlled and maintained. Implement the IT security V&A plan and help the chief information officer develop policies and procedures that support bank objectives. Implement the Cyber Incident Response Plan for cyber incident management. Provide response capabilities throughout the cyber incident lifecycle to minimize and eliminate the impact on bank operations. Develop and maintain an IT security baseline for all IT infrastructure and monitor its implementation. Develop and enhance the IT security threat model and define proactive mitigation measures. Ensure that security programs are in accordance with existing regulations and policies to minimize or eliminate cyber risks and audit findings.
Duties & Responsibilities:
- Define and facilitate the information technology security risk assessment process, including the reporting and treatment of efforts to address negative findings.
- Manage security incidents and events to protect corporate IT assets and information.
- Implement and monitor IT security policy and Patch Management Policy.
- Monitor threats and the environment for unexpected threats, and advise relevant IT functions to take appropriate actions.
- Monitor that new services are deployed and tested in disaster recovery sites.
- Facilitate reporting on effectiveness and efficiency of security programs and increase the maturity of IT security.
- Liaise with IT functions and other departments on IT security and risk matters.
- Assist process owners and other IT staff to understand security threats and respond to security audit failures reported by auditors.
- Keep the IT inventory list updated and ensure patch releases are up to date in systems.
- Inform bank management of IT security issues and participate in the change management process.
- Define and classify data and assets of Information and Technology Department.
- Ensure a strong professional relationship with other IT functions to develop and implement controls and configurations that are aligned with IT security policy and audit requirements.
- Coordinate operational components of incident management, including detection, response and reporting.
- Manage activities of threat and vulnerability management, identify IT security risk exceptions, recommend treatment plans and communicate information.
- Monitor system user activities, audit trails and system logs periodically, and comply with policies and audit requirements.
- Ensure vulnerabilities are managed by directing periodic vulnerability scans of the whole FMFB-A network.
- Ensure a proactive approach is in place for intrusion detection and prevention of attacks, and analyze the configuration of firewalls and routers in the perimeter.
- Develop and manage information security budgets and recommend industry-best Security Information and Event Management tools and solutions.
- Manage training, awareness programs, staff development, performance management and annual performance reviews.
- A bachelor's degree in information systems or equivalent work experience in information security is preferred.
- Must be CISM, CASP+, CCNP Security or CISSP is preferred.
- Minimum of 3 years' experience in network, systems or infrastructure.
- Experience in banking, banking-related systems and upgrade projects within the industry is an advantage.
- IT Security certified and information systems security certified.
- Familiar with IT relevant hardware and software.
- Knowledge of application servers and OS.
- Knowledge of SIEM and other security monitoring and engine solutions.
- Strong leadership skills and the ability to work effectively with business departments, IT functions and IT operation team.
- A strong understanding of the business impact of security tools, technologies and policies.
- Experience in performing IT security risk, business impact, control and vulnerability assessments.
- Experience in technology security testing, vulnerability scanning and penetration testing.