Title: Senior Officer to Principal Officer - Information Security (Information Technology Division)
Company Name: ONE Bank PLC
Vacancy: 03
Age: At least 26 years
Job Location: Dhaka
Salary: --
Experience:
Master of Science (MSc)/Bachelor of Science (BSc) in Computer Science & Engineering or Information and Communication Technology or a related discipline.
Strong knowledge of Information Security, Cyber Security frameworks, IT Governance, and regulatory compliance requirements applicable to the banking sector.
Hands-on understanding of SOC operations, incident response, SIEM, PAM, SOAR, and VA/PT tools, including security monitoring, threat detection, automation, and vulnerability management.
Knowledge of secure software development (SSDLC, OWASP Top 10), database security, encryption, access controls, web application security, and cloud security principles.
Understanding of network security, Windows/Linux operating systems, databases, programming, server hardening, patch management, DC-DR operations, and business continuity planning and strong analytical, documentation, and communication skills with the ability to work in a 24×7 security environment.
Cybersecurity certifications (CEH, CompTIA CySA+, OSCP, etc.) and experience with TryHackMe, Hack The Box, or national cyber drills will be considered an advantage.
Support the implementation and monitoring of the Bank’s Information Security Policy, IT Governance framework, and regulatory requirements, including Bangladesh Bank ICT Security Guidelines, ISO/IEC 27001, PCI-DSS, and SWIFT CSP.
Participate in SOC operations, including security monitoring, SIEM log analysis, threat detection, incident handling, investigation, escalation, and response activities.
Operate and monitor security solutions such as SIEM, PAM, SOAR, EDR, DLP, FIM, and Vulnerability Management tools to ensure effective security controls and compliance.
Conduct vulnerability assessments, penetration testing, security reviews, and risk assessments across applications, databases, networks, servers, storage systems, and DC-DR environments.
Support audit and compliance activities, cyber threat monitoring, digital forensics, security awareness programs, and other cybersecurity-related tasks assigned by management.