Community Bank Bangladesh Limited, a concern of Bangladesh Police Kallyan Trust, was established with a vision to serve the communities with the tailor-made secured solutions abiding by the highest level of corporate governance standard. It aims to contribute to the economic growth of the country by providing financial products and services to the communities across the geographies. State-of-the-art Core Banking System is an enabler to operate centrally in optimum magnitude. Community Bank runs on its three core building blocks i.e. Trust, Security and Progress.

Key Job Responsibilities:

• Perform Information Security Assessment of different ICT Systems, Services, Application and processes like Core Banking Applications, Payment Systems, Digital Banking Applications, Card Management System, SWIFT, Active Directory etc.
• Conduct security architecture assessments of the application stack including testing, threat modeling, code analysis providing requirements and driving remediation of test findings before deployment
• Own and perform application security vulnerability management.
• Manage third party bug bounty program including verification of findings and driving remediation.
• Guide and advise product development teams in the area of application security.
• Participate in security incident response activities.
• Ensure documentation for managed platforms/services are detailed, thorough and kept current.
• Keep current on organization’s business practice, technology, security issues and legislation that impact the company’s security policy.
• Work with the product development teams to implement Secure Software Development Lifecycle.
• Create and deliver security trainings.
• Develop automated security testing to validate that secure coding best practices are being used.
• Develop tooling and automation to facilitate continual testing and increase coverage.
• Make recommendations to leadership on improvements to be made to existing security controls.
• Plan strategies of InfoSec Awareness Training, development training material and conduct training to aware the stakeholders of ensuring best security practices.

Educational Requirements:

• MSc/BSc in Computer Science, Information Systems, Information Technology or a related field from reputed University with No Third Division in academic records.
• Certification in CEH is mandatory; additional certifications in CISSP, CISO, ITIL, CCNA will be given higher preference.

Experience Requirements:

• Minimum 10 year(s) working experience in relevant area (out of which at least 3 years’ experience with secure SDLC, threat modeling and web application scanning techniques (SAST, DAST, IAST) and 1 year experience with deployment orchestration, automation, security configuration management and managing vendor relationship)

Knowledge, Competencies and Skills:

• Smart, Team player, paired with agile mindset and can-do attitude.
• Knowledge of development/integration tools (example: CI/CD)
• Strong software engineering experience in all phases of SDLC
• Solid background in the technology of at least one modern cloud environment (AWS, Azure, GCP)
• One or more security related certifications (i.e. CISSP, CISO, CEH, ITIL, CCNA) is preferred.
• Excellent communication skill in Bangla and English.

Job Location: Dhaka

Job Grade: Senior Principal Officer to First Assistant Vice President

Remuneration: Negotiable