IT Security eFraud Analyst
- Manama, Capital Governorate, Bahrain Manama Capital Governorate BH
- Permanent, Full time
- 17 Mar 18 2018-03-17
The primary role of this position is to provide support for electronic fraud (eFraud) prevention, detection, monitoring and reporting for the Bank’s retail and digital banking business. eFraud is committed when criminals use customers’ personal information, bank accounts, computers or mobile devices to transfer money, pay bills, make purchases or otherwise use customers’ identity for their own purposes. The job holder is expected to support the Group Information Security team in analysing and assessing security events and other IT security related topics on internet facing and mobile applications (e.g., Internet and Mobile Banking, Digital Wallet, etc.).
Principal Responsibilities, Accountabilities and Deliverables of Role:
- Complies with the Group’s documented standards, policies and procedures, and with the Information Security standards.
- Provides the Head of Group Information Security with an independent assessment of the adequacy, effectiveness and sustainability of the eFraud management system and other security related tools and management processes.
- Work in partnership with other Information Security and IT staff to ensure key IT activities are controlling risks effectively, recommending improvements where appropriate.
- Support the effectiveness and efficiency of the Information Security and eFraud monitoring process through the use of automated tools and techniques wherever possible.
- Collaborates with security organization team members to assess and analyse security operations and suggests improvement
- Oversees remediation of vulnerabilities and incidents identified through the eFraud process, ensuring they are remediated effectively and on a timely basis, particularly those that are deemed to be high risk.
- Maintains up to date knowledge of new technologies and their inherent risks especially those which are/planned to be deployed.
- Monitors alerts and reports generated by eFraud and other security systems.
- eFraud forensic to further investigate Information or Cyber security events in this areas.
- Banking Trojans and Malware cyber-attack research to be able to define and implement counter measures and mitigations.
- Monitors configuration settings on the infrastructure to ensure the proper capture and storage of eFraud and security events
- Compiles reports as required by management or as specified by security policy.
- Provides monitoring support for the incident management process acting as the central point of contact for eFraud incident reporting.
- Maintains eFraud security metrics.
- Maintains eFruad security procedures and ensures that necessary changes are incorporated as directed by the manager
- Evaluates the extent of compliance with established policies, procedures, control guidelines and generally accepted industry standards and practices.
- Constant optimization of cyber security eFraud guidelines and security measures to prevent occurrence of eFraud cyber events.
- Develops and maintains a security awareness program for the retail, digital and corporate banking customers.
Job Context (Circumstances & environment surrounding the job):
Anyone who uses the internet or mobile Apps is a potential target for fraudsters. At the bank, our priority is to protect our customers and information assets. We use the latest technology and strategies to detect eFraud as early as possible. Under general supervision from the Group Head of Information Security the job holder performs professional and technical work in the Information Security department in developing, implementing and maintaining eFraud processes, tools and controls. Assists the team and other personnel to identify and analyse threats and vulnerabilities posing risks to internet banking, mobile banking and other information assets. Manages the scope, schedule and other resources that may be required to prevent and monitor eFraud through the Group.
- A strong understanding of IT architecture, infrastructure and security for digital banking
- Deep understanding of common cyber-attack patterns and mitigations for digital banking
- Experience with forensic analysis of banking Trojans, malware, customer phishing, fake mobile apps.
- Display strong knowledge of Cyber Security and Information security best practices
- Display basic knowledge of IT processes: application development, change and release management, incident and problem management, software asset management, IT risk management, security management, data management.
Education / Certifications
University Degree in Information Technology/Information Systems/Computer sciences from an accredited 3-4-year programme.
The IT Security eFraud analyst should have certifications for fraud analysis CFE, CEFI, forensic analysis GNFA, CHFI, CCFP, and may hold security related qualification (CISM, CISSP).
At least 10 years of experience, with a minimum of 3 years in eFraud or 5 years in banking fraud prevention and monitoring from international financial service organisations. The remainder, in pure IT or Information Security activities including forensics analysis.