Title: Security Analyst (IT Security Department)
Company Name: Mutual Trust Bank PLC
Vacancy: --
Age: Na
Job Location: Dhaka
Salary: --
Experience:
• 3–8 years of relevant experience in Risk, Compliance, and Governance.
• Practical exposure to multiple cybersecurity domains; hands-on experience will be considered an added advantage.
• Proven experience in stakeholder management across internal teams and external parties.
Certifications:
• Preferred industry certifications in security and compliance, such as ISO/IEC 27001 (LA/LI), CGEIT, CISA, CISSP, or equivalent.
Knowledge & Frameworks:
• Strong understanding of applicable regulations and standards, including ISO/IEC 27001, PCI DSS, and SWIFT security requirements.
• Familiarity with recognized governance and service management frameworks such as COBIT, ISO 38500, and ITIL.
Skills:
• Strong analytical, problem-solving, and communication skills.
• Ability to produce clear, well-structured documentation and maintain accurate records of risk assessments, audits, and compliance activities.
The role sits within the Risk, Governance & Compliance unit and is responsible for assessing, addressing, and governing risks across the bank’s digital environment. The position also ensures end-to-end compliance with applicable regulatory and industry standards, including Bangladesh Bank guidelines, PCI DSS, relevant ISO standards, and SWIFT security requirements, while coordinating with internal stakeholders and external parties/regulators to maintain strong ICT risk and security governance.
Key Responsibilities
• Conduct ICT risk assessments, recommend adequate IT security controls, and maintain the IT risk register.
• Ensure compliance with prescribed guidelines/standards of Bangladesh Bank and other regulators, as well as PCI DSS, ISO, and SWIFT security requirements.
• Develop, review, and improve IT processes, policies, and governance documents in line with relevant frameworks and standards.
• Coordinate with operations teams, internal stakeholders, external parties, and regulators to ensure compliance requirements are met.
• Perform periodic vulnerability assessments and penetration testing on systems, networks, and applications; track remediation actions.
• Manage and periodically review user access controls across systems and applications (access provisioning, review, and revocation).
• Create and maintain SOPs, security baselines, and system hardening guidelines; monitor hardening issues and follow-ups.
• Identify security weaknesses in common software, web applications, and proprietary systems, and recommend corrective actions.
• Support incident/risk situations with strong analytical judgment and composure in high-pressure environments.