Security Operations Center (SOC) Specialist | Security Governance & Compliance Specialist

IT - Software / DB / QA / Web / Graphics / GIS

About the Employer

Job Description

SECURITY OPERATIONS CENTER (SOC) SPECIALIST

MSL Ref. No. 8121

Key Responsibilities:

  • Liaise between Bank and the external SOC provider.
  • Monitor and evaluate SOC performance against SLAs and KPIs.
  • Review and analyze security alerts, incidents, and reports, ensuring timely escalation and response.
  • Provide the SOC team with crucial background on the bank's IT infrastructure and processes.
  • Actively participate in incident response, contributing internal knowledge and facilitating communication.
  • Collaborate with the SOC to refine security monitoring rules and incident response playbooks.
  • Track and report on key SOC performance metrics and drive improvements.
  • Ensure thorough documentation of security incidents and remediation.
  • Stay informed on cyber threats and security trends.
  • Participate in regular meetings and performance evaluations with the SOC provider.
  • Assist in developing and maintaining internal security policies and procedures.

The Ideal Candidate Profile:

  • Bachelor's degree in IT, Computer Science, Information Security, or a related field.
  • Possess at least 5 years of professional experience in a SOC environment or with significant SOC interaction.
  • Comprehensive understanding of security threats, attack methodologies, and mitigation strategies.
  • Familiar with security monitoring tools, SIEM platforms, and incident management processes.
  • Exceptional analytical and problem-solving skills.
  • Excellent written and verbal communication and interpersonal skills.
  • Demonstrated ability to work independently and collaboratively.
  • Prior experience managing outsourced service providers (highly desirable).
  • Relevant security certifications (CompTIA Security+, CEH, SOC Analyst) are a plus.

SECURITY GOVERNANCE & COMPLIANCE SPECIALIST

MSL Ref. No. 8122

Key Responsibilities:

  • Develop and maintain security policies, standards, and procedures.
  • Conduct risk assessments and proposing mitigation strategies.
  • Manage internal and external security audits (PCI DSS, ISO 27001, Swift CSCF).
  • Facilitate PCI DSS and ISO 27001 control implementation and maintenance.
  • Create and deliver security awareness training.
  • Support security governance and compliance projects.
  • Monitor and adhere to security policies and standards.
  • Collaborate with IT, Legal, Risk, and Compliance teams.
  • Stay updated on security trends and regulations.
  • Assist in developing business continuity and disaster recovery plans.

The Ideal Candidate Profile:

  • Bachelor's degree in IT, Computer Science, Information Security, or related field.
  • Possess at least 5 years' experience in information security governance, risk, and compliance preferably in the financial services industry.
  • Strong understanding of PCI DSS and ISO 27001 standards and implementation.
  • Experience in conducting risk assessments and developing risk treatment plans.
  • Familiar with Sri Lankan banking sector security regulations.
  • Excellent communication, presentation, and interpersonal skills.
  • Strong analytical and problem-solving abilities.
  • Ability to work independently and collaboratively.
  • Relevant certifications (CISA, CISSP, CRISC, CISM, GSTR, GISP, ISO 27001 Lead Implementer/Auditor) are an advantage.

SECURITY ENGINEER & ASSESSMENT SPECIALIST

MSL Ref. No. 8123

Key Responsibilities:

  • Conduct vulnerability assessments (automated and manual) of internal and external systems/applications.
  • Plan, coordinate, and potentially execute penetration testing.
  • Analyze assessment results and provide actionable remediation recommendations.
  • Collaborate with IT teams to implement and verify security controls.
  • Research and recommend security engineering solutions.
  • Assist in developing and implementing security hardening guidelines and best practices.
  • Contribute to security testing methodologies and standards.
  • Stay updated on security vulnerabilities, exploits, and assessment tools.
  • Collaborate on security initiatives and projects.
  • Assist in security incident investigations.
  • Document security assessment findings and methodologies.

The Ideal Candidate Profile:

  • Bachelor's degree in IT, Computer Science, Information Security, or related field.
  • Possess at least 5 years of experience in security engineering, vulnerability assessment, and penetration testing.
  • Strong understanding of security vulnerabilities (OWASP Top 10, SANS Top 25) and exploitation techniques.
  • Hands-on experience with vulnerability scanning tools and penetration testing frameworks.
  • Familiarity with operating systems, network protocols, and application architectures.
  • Scripting skills (Python, Shell) desirable.
  • Excellent analytical and problem-solving skills.
  • Ability to communicate technical findings effectively.
  • Relevant security certifications (OSCP, CEH, GPen) are an advantage.

A remuneration package on par with industry standards will be offered to the right candidate.

Please forward your complete resume in PDF format with contact details of two non-related referees to [email protected] within 10 days of this advertisement quoting MSL Ref. No in the subject line of your e-mail.

No: 10, Gothami Road, Colombo 08.

0112015900

Log in to Apply
12 days, 03h and 41m left
Job Summary
  • Location
    Colombo 8, Colombo, Western Province, Sri Lanka
  • Job Type
    Full Time
  • Date Posted
    1 day ago

Similar Jobs

Ernst & Young

Data Governance Analyst

  • Colombo
  • Full Time
  • 12 days ago

Abans Group

Executive - Information Security & IT Governance

  • Colombo
  • Full Time
  • 11 days ago

Bookmark or Share

We're glad to see you again!

Don't have an account? Sign Up!
Forgot Password?

Let's create your account!

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Let's reset your password!