IT Security Engineer - Absa Bank

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The IT Security Engineer is accountable for strategizing, implementing, and overseeing security protocols to protect the Bank’s digital assets, IT infrastructure, networks, systems, and data, while ensuring their integrity. This role involves proactively preventing, detecting, and responding to security breaches, vulnerabilities, and incidents, upholding information confidentiality, integrity, and availability.

Your responsibility includes efficiently addressing these concerns through patch application and other security measures. This role assumes complete ownership of end-to-end IT security for the Enablement function, aligning with Absa’s security policies and methodologies.

Close collaboration with cross-functional teams, particularly Cybersecurity, Enablement Risk and Governance, and Absa Regional Operations (ARO) Security and Risk functions, is essential to ensure prompt and efficient resolution of security issues. This collaboration aims to minimize the Bank’s vulnerability to potential threats and attacks.

Job Description

Accountability: Policy Development and Enforcement (15%)

This multifaceted role encompasses not only the implementation of security measures but also the development, communication, and enforcement of security policies and standards. Your contributions will be instrumental in fostering a security-conscious environment, mitigating risks, and ensuring that the Bank’s IT systems, networks, and data remain secure and compliant with industry regulations and best practices.

Security Policy Development and Enforcement:

• Develop, review, and update security policies, standards, and procedures in alignment with the Bank’s policies and industry regulations, best practices, and organizational objectives.
• Ensure policies reflect the Bank’s risk appetite and are tailored to address specific security challenges.
• Regularly evaluate the effectiveness of security policies through feedback, incident analysis, and industry benchmarking, and make iterative improvements.

Policy Compliance and Auditing:

• Monitor and enforce adherence to security policies and standards across the organization.
• Conduct regular audits and assessments to identify policy violations and recommend corrective actions.

Policy Gap Analysis:

• Regularly conduct gap analysis to identify areas where security policies need adjustment or enhancement to address new risks or technologies.
• Policy Advocacy and Communication:
• Act as an advocate for security policies, educating stakeholders about their importance and relevance to the organization’s security posture.
• Engage with legal, compliance, and other relevant departments to ensure security policies align with broader organizational objectives.

Security Awareness Campaigns:

• Lead or contribute to security awareness campaigns, designing engaging content and activities to educate employees on policy changes and best practices.

Accountability: Stakeholder Management (15%)

• Identify, analyse, and understand expectations from relevant stakeholders.
• Effective management of stakeholders throughout the information security lifecycle.
• Consultations with Accountable Executive / sponsor to report progress on IT security posture, escalate issues etc.
• Communication with various businesses and other enablers to support IT security related activities when required.
• Prepare and deliver presentations on security policies, incidents, and improvements to executive leadership.
• Translate technical security concepts into business-friendly language for executives and non-technical stakeholders.
• Facilitate change management processes when introducing new security policies or practices that impact established workflows.
• Provide support to teams adapting to changes, addressing concerns, and ensuring smooth transitions.
• Collaborate with external partners, vendors, industry groups, and regulatory bodies to align security practices and share insights on policy development and enforcement.
• Tailor security policy communications and engagement strategies to cater to different audiences within the organization, ensuring effective understanding and adoption.
• Address conflicts and disagreements related to security policies with a focus on finding common ground that balances security requirements and operational needs.
• Seek feedback from stakeholders to improve security policies and address gaps that may arise from real-world application.
• During security incidents or breaches, collaborate with communication teams to ensure accurate and transparent communication with stakeholders, maintaining trust and credibility.

Accountability on all of the below (60%)

Vulnerability Assessment:

• Conduct regular vulnerability assessments using automated scanning tools, manual testing, and other techniques to identify security weaknesses across the organization’s technology landscape.
• Analyse and interpret vulnerability scan results to prioritize and address the vulnerabilities identified.
• Stay updated with the latest threat landscape, emerging vulnerabilities, and attack vectors.

Patch Management:

• Collaborate with system administrators, developers, and other stakeholders to plan and execute patch management strategies.
• Research and test patches for compatibility and impact before deployment to ensure minimal disruption to systems and services.
• Develop and maintain a comprehensive patching schedule, ensuring timely deployment of security updates.

Remediation Planning and Execution:

• Evaluate the risk associated with identified vulnerabilities and work with relevant teams to develop effective remediation plans.
• Provide clear guidance and recommendations to system owners and administrators on patching and mitigation strategies.
• Monitor and track the progress of vulnerability remediation efforts, escalating critical issues as needed.

Incident Response:

• Participate in incident response efforts by identifying vulnerabilities that may have contributed to security incidents and breaches.
• Contribute to the development of incident response plans and processes that involve vulnerability management.

Documentation and Reporting:

• Maintain accurate and up-to-date records of vulnerabilities, patches applied, and their outcomes.
• Generate regular and ad hoc reports on vulnerability assessment findings, patching status, and overall security posture for management and relevant stakeholders.

Continuous Improvement:

• Continuously evaluate and enhance vulnerability assessment and patching processes to adapt to changing threat landscapes and technology environments.
• Provide insights and recommendations for security enhancements based on analysis of vulnerabilities and their potential impact.

Threat Intelligence Integration:

• Stay informed about the latest threat intelligence, vulnerabilities, and exploits through reputable sources.
• Incorporate threat intelligence into vulnerability assessments to identify vulnerabilities that are actively being targeted by cybercriminals.

Testing and Validation:

• Collaborate with the testing team to ensure that patches are thoroughly tested in a controlled environment before being applied to production systems.
• Develop and execute testing scenarios to verify the effectiveness of patches in addressing identified vulnerabilities.

Coordination and Communication:

• Serve as a liaison between different teams, including IT, development, and security, to ensure seamless coordination of patching efforts.
• Communicate effectively with stakeholders about the urgency of patch deployment, potential risks, and necessary downtime.

Research and Analysis:

• Conduct in-depth analysis of zero-day vulnerabilities and emerging threats to assess potential impact on the organization.
• Collaborate with security researchers and external vendors to gather insights into vulnerabilities and available patches.
• Stay current with emerging security threats, trends, and technologies. Share knowledge and insights with the team and the organization.

Automation and Scripting:

• Develop and maintain scripts and automation tools to streamline vulnerability scanning, patch testing, and deployment processes.
• Identify opportunities to automate routine tasks to improve efficiency and accuracy.

Configuration Management:

• Collaborate with configuration management teams to ensure that systems and applications are built and deployed with security in mind.
• Provide guidance on secure configuration settings to reduce the attack surface.

Training and Awareness:

• Conduct training sessions or workshops for technical teams to enhance their understanding of vulnerabilities and the importance of timely patching.
• Raise awareness among non-technical stakeholders about the impact of vulnerabilities and the organization’s efforts to address them.

Third-Party Risk Management:

• Assess vulnerabilities in third-party applications and services that are used by the organization.
• Collaborate with procurement and vendor management teams to ensure that vendors adhere to security requirements and provide timely patches.

Metrics and Reporting:

• Develop and maintain key performance indicators (KPIs) to measure the effectiveness of vulnerability management and patching processes.
• Generate executive-level reports that provide insights into the organization’s security posture and improvements over time.

Regulatory Compliance:

• Ensure that vulnerability and patch management processes align with relevant regulatory frameworks and standards.
• Participate in audits and compliance assessments related to vulnerability management.

Security Architecture Design:

• Collaborate with IT architects to develop and implement robust security architectures for new and existing systems and applications.
• Design security solutions that align with business requirements and industry best practices, encompassing technologies such as firewalls, intrusion detection systems, encryption, and authentication mechanisms.

Education And Experience Required

• Bachelor’s or master’s degree in computer science, Information Technology, or a related field.
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+.
• Strong knowledge of network protocols, firewalls, intrusion detection/prevention systems, and security technologies.
• Familiarity with operating systems (Windows, Linux), network architecture, and cloud security.
• Excellent problem-solving skills and the ability to respond quickly to security incidents.
• Strong communication skills to effectively collaborate with team members and stakeholders.

Knowledge & Skills: (Minimum of 3)

• Experience of employing IT security management best practices and disciplines
• Awareness of the Bank including systems, products, and services
• Experience of managing activity across the whole of IT security lifecycle, using current technology, structured methods, and a quality process
• Exposure to governance, control, and risk management
• Proven ability to effectively work within teams at all levels.
• Strong understanding of common security vulnerabilities, attack vectors, and mitigation strategies.
• Proficiency in vulnerability scanning and assessment tools.
• Experience with patch management processes and tools.
• Solid understanding of network protocols, operating systems, and application architectures.
• Strong analytical and problem-solving skills.
• Effective communication skills to collaborate with technical and non-technical stakeholders.
• Ability to work independently and as part of a team.
• Knowledge of regulatory requirements and security standards (e.g., GDPR, ISO 27001, PCIDSS) is a plus.

Competencies: (Minimum of 3 competencies)

• Management and leadership
• Exceptional service and results orientation.
• Superior analytical, evaluative, and problem-solving abilities.
• Ability to work under pressure and time constraints.
• Excellent self-organization and self-direction in performance of tasks, including time management skills.
• Ability to set and manage priorities.
• Maintaining up-to-date knowledge of technological advances is crucial.

Education

Higher Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)