ICT (Information and Communications Technology) and Information Security Risk Analyst (Ref.ICT2023)

Do you have a passion for information security?

We are looking for an ICT and Information Security Risk Analyst to join our information security team. The successful applicant will evaluate the current state of ICT and Security controls, identify potential security risks, and develop action plans to address them.

Do you believe you have what it takes?

More information

    1. Assess current state of ICT and Security controls, identify potential risks, and develop action plans to mitigate the identified risks.
    2. Performs gap assessments against ICT and/or Information Security International standards and frameworks (such as ISO/ITIL/COBIT) and against relevant laws and regulations (such as PSD2, ECB directives, PCI, SWIFT) to ensure compliance.
    3. Conducts ICT and security controls maturity assessments, analyses the results, reflects the maturity score, and defines action plans to mitigate key security risks, to ensure the Group's compliance with the applicable Frameworks.
    4. Monitors the progress of implementation of the actions specified in the risk mitigation action plans, supports their resolution to eliminate weaknesses on the Group's systems and evaluates their successful completion.
    5. Acts as subject matter expert and provides guidance on ICT and/or Information Security governance controls.
    6. Contributes to day-today ICT and Information Security Processes (such as DLP Management, Phishing Management, Vulnerability Management, Incident Management, Audit Management etc.).
    • Bachelor of Science or Master of Science degree in Information Technology or Information Security disciplines.
    • Professional certifications such as CISA, CISSP, CISM or working towards one would be considered as an advantage.
    • Awareness of IT and IT Governance Controls (ITIL and/or COBIT) and/or ISO27001, would be considered as an advantage.
    • IT Audit and/or Information Security Risk experience will be considered as an advantage.
    • Familiarization with relevant laws and regulations (e.g., PSD2, ECB directives, PCI, SWIFT) will be considered as an advantage.
    • Very good communication skills (verbal and writing) in both Greek and English.
    • Very good presentation skills in technical and business terms.
    • Very good rational analysis and problem-solving skills.
    • Ability to work under pressure.
    • Efficiency in time management, prioritization of tasks and working within the predetermined deadlines.
    • Very good research skills to map international best practices.
  • All applications will be received through the “e-Recruitment” system which is available on the Bank’s website www.bankofcyprus.com/group (Careers), by following the steps below:

    Registration

    Profile submission:

    • Electronic submission of personal /academic/ professional and other data
    • “Release” of the profile

    Application for specific vacancies, through “Employment Opportunities” section:

    • Job Search
    • Start
    • Select Job
    • Apply
    • Send Application (top, right hand side)
    • Send Application

Additional Notes

1) Candidates who are interested in the specific position and have expressed their interest for employment in Bank of Cyprus in the past through the e-Recruitment system, are required to submit a new application (provided that they meet the criteria set).

2) Only shortlisted candidates will be contacted.

3) All applications will be treated with strict confidence.