Information Security Analyst
Writing the future. Together.
Avaloq is a value-driven fast-paced fintech company and we are committed to develop the banking technology of tomorrow.
Leading banks and wealth managers in all major financial centres rely on our software and services, and this unique community grows every day.
Avaloq's Security Operation team implement and carry out the security objectives and controls for the organization. Specifically, the team deploy and manages the day to day operation of information security infrastructure and respond to information security events and issues as they arise.
- Support and maintain IT Security systems including network security and SIEM systems.
- Conduct IT security incident investigation and threat hunting on the IT environment.
- Develop and support emergency procedures and oversee incident responses as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as required.
- Support the development and implementation of security policies, standards, guidelines and processes to ensure the ongoing maintenance of physical and logical security.
- Participate in the security operational risk management activities as part of the Enterprise Risk Management to identify threats and institute appropriate security programs.
- Support Avaloq's Information Security Management System (ISMS) to assure continuous compliance with regulations, laws and contractual obligations by adopting and deploying industry and market standards and accepted best practices.
What you need
- Minimum of 1-3 years of experience in a similar role, i.e. in a combination role of security risk, information security and IT.
- Degree in tertiary studies in relevant fields such as Computer Science, IT Security, Business IT, IT engineer would be an advantage.
- Proven experience in analysis, identifying, monitoring and controlling security risks
- Experience in managing Identity / Access management, Intrusion Detection / Prevention, Data Protection and Data Leakage Prevention applications / devices including installation, configuration and its availability
- Extended knowledge of relevant international security standards (ISO/IEC 27000-series), best practices (CobiT, ITIL), third party reporting (ISAE3402, SOC), trends and legal and regulatory requirements for data protection and outsourcing in the financial sector (e.g. MAS, HKMA).
You will get extra points for the following
Have one or more of the certifications from ISACA's CSX, CISA, CISM, CGEIT or CRISC or ISC2's SSCP, CCSP, or CISSP or GIAC's GISP or GSEC.
Now let's talk about perks and compensation
With our compensation model, we want to share the success of the company with all our employees. We offer competitive base salaries and if you prove yourself as a super-star, you might be entitled to an extraordinary achievement reward.