Sparkasse Bank Malta plc is a licensed credit institution which provides private banking, investment services and custody / depository services.
As a result of our continuous growth, a vacancy has arisen for an IT Analyst within the IT Regulatory & Compliance Team.
This role is embedded into the first line of defence (1LOD) and offers a wide exposure to regulations, security frameworks, IT related governance and audit matters and industry attestations under the guidance of the department Manager.
Main Duties:
Extensive training will be provided.As a result of our continuous growth, a vacancy has arisen for an IT Analyst within the IT Regulatory & Compliance Team.
This role is embedded into the first line of defence (1LOD) and offers a wide exposure to regulations, security frameworks, IT related governance and audit matters and industry attestations under the guidance of the department Manager.
Main Duties:
- Provide support in relation to the interpretation and implementation of applicable IT regulations and act as liaison with stakeholders
- Prepare gap analyses in respect of regulatory requirements related to IT or that require the involvement of the IT Department
- Coordinate in a timely manner mandatory IT self-evaluations and external IT audits (e.g. but not limited to SWIFT Customer Security Programme, TARGET2 Attestation, and audits required pursuant to PSD2)
- Act as liaison with the internal or external auditors and the Audit Committee in respect of audits related to IT
- Monitor / track IT deliverables pertaining to IT regulatory requirements and IT audit remediation plans
- Assist in dealing with IT related queries / questionnaires from audit, counterparties and supervisory authorities in a timely manner
- When needed assist in Bank-wide projects to ensure that new or existing legal or regulatory requirements involving IT elements and/or IT changes are met
- Keep abreast of evolving IT regulatory and IT security regulatory issues concerning the IT sphere
- Preparing and maintaining policies, procedures and processes owned by the Bank’s IT Department
- Preparing outsourcing related documentation related to the procurement of new IT services and/or infrastructure
- IT third party service provider monitoring (incl. outsourcing)
- Maintaining IT Risk Register, IT Calendar and other departmental document inventories
- Support in the monitoring of the team’s outsourced function which is involved in security operations, including:
- Support with tickets raised by the security operations function in relation to application and network events and definition related alerts
- Support in updating documentation and risk assessments related to monitoring of security relevant event logs
- Record keeping of events, alerts and materialized IT incidents
- Helping remediate detected vulnerabilities to maintain a high-security standard
- Support IT Operations in IT incident triaging and response for occurrences which are related to security events
- Together with the outsourced function monitor the Asset Lifecycle and End-of-Life / End-of-Support Management for the Bank’s various systems and applications by building a database of security sources and subscriptions to receive security vulnerability alerts
- Monitoring of anti-malware and vulnerability scans aimed at continuous vulnerability assessment and remediation
- Liaising with the outsourced function in relation to website cloning monitoring activities
- Maintaining security baselines and hardening guidelines as well as other Security Operations related documentation
- Work within the IT Department to perform security hardening or other improvement spot checks of the IT enterprise architecture, throughout the year
- Monitoring of the latest cyber security trends with the aim of maintaining a near-real-time cyber-security picture
- Circulation of identified security trends (monthly newsletters) and IT Departmental news to keep Bank staff informed accordingly
- Involvement in penetration testing efforts and vulnerability assessments, carried out by an external service provider
- Possibly coordinate with HR and take the lead for Bank staff IT related training requirements (including on cyber security), cyber-security monthly newsletter and staff security skills
- Creation of cyber security scenarios and applicable emergency response plans
- Exert IT Governance oversight on IT Operation tasks including:
- Call Monitoring Tasks
- BCM Tests
- IT Business Impact Analysis Scenarios (in consultation with IT Security Analyst)
- Incident monitoring / logging
- Service Desk Request Monitoring for suspicious trends
- Replication Checks
- Backup Completeness
- Coverage Checks for Security Related Software Agents
- Assisting in business analysis tasks
- Business requirement understanding and documentation
- Software testing
- UAT planning and coordination
- Business sign-offs
- Any other tasks that may be assigned by the team Manager
Qualifications / Skills:
- Good written and oral communication skills
- Strong command of verbal and written English
- Ability to work under pressure and prioritize
- Ability to work on own initiative, self-starter and self-motivated
- An enthusiastic, reliable team player
- Critical thinking skills, excellent analytical, and reporting capabilities
- Problem-solving skills
- Ability to communicate effectively and clearly, have excellent listening skills and ability to work well in a team
- Have attention to detail and ability to think logically, out-of-the box
- Some project management experience is considered an asset
- Strong Excel skills are desirable
- Two years working experience in a similar role or equivalent experience and know-how
- Some experience in IT Security or IT Compliance audits is considered an asset
- General understanding of Banking is preferred
- Understanding of IT Systems
- Experience in policy and procedure writing
- Experience coordinating projects involving multiple stakeholders
- Project management certification is considered an asset
- CISO, CISA, CISSP are all deemed valuable when considering applicants
An attractive remuneration package will be offered to the right candidate.
The data you submit will be processed as per the Candidates Privacy Notice.