BANK OF PAPUA NEW GUINEA
“Equal Opportunity Employer”
The Bank of Papua New Guinea is a Contemporary Central Bank and Regulator employing best practice in the development and implementation of Monetary Policy; conduct of Financial Sector Supervision and in ensuring an efficient, safe and well-functioning Payments System.
The Bank of Papua New Guinea invites expression of interest from suitably qualified and experienced individuals to fill the following position in the ICT Department: -
SECURITY ANALYST – ICT SECURITY UNIT
The incumbent will report directly to the Manager, ICT Security Unit.
The primary role of the ICT Security Analyst is to implement the Security Business Unit work plan by performing the following roles and responsibilities:
- Monitor and manage security logs generated by the security event log tool
- Assist with developing an on-going risk assessment programme targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing
- Working with system administrators and external security consultants on the Vulnerability Assessment, Remediation and Penetration Testing.
- Installation, administration and management of SSL certificates and the Certificate Authority (CA
- Conducting security awareness training through HR inductions, specialist workshops/ presentations
- Reviewing of user access privileges for critical applications
- Responding to audit and risk requirements
- Investigate network for security breaches and investigating security violation when a breach has happened
- Proposing, installing and administering security software, such as anti-virus, firewall, data encryption to protect sensitive applications and information
- Analyse penetration reports from external penetration testers and work with system administrators to resolve detected issues
- Performing vulnerability and risks assessments to identify gaps and reporting of BPNG systems, applications, processes, standards and procedures and propose mitigation controls
- Work with network team to review and audit configurations on network devices to ensure configurations are hardened
- Review of ACLs on firewalls and routers
- Analysing and reviewing of logs from IPS/IDS, web filters and email Filters
- Disaster Recovery/Business Continuity tasks
- Change Management processes and requirements.