Job Profile / Main Responsibilities :
The selected candidate will be responsible for,
• Leading, developing and executing the security assessment scope of the Bank with the objective of assuring vulnerability-free IT systems. This should include timely identification of vulnerabilities, relative vulnerability rating calculation in consideration of existing controls, prioritization and closure of vulnerabilities
• Assuring that the vulnerability management process fully complies with regulatory or standards-related requirements
• Playing a lead role in guiding the team in remediation of vulnerabilities. This involves educating the IT team on the vulnerabilities, understanding of impact to IT environment and remediation support
• Research, introduction and implementation of new tools to expand security assessment scope to new applications and systems
• Identification and introduction of improvements to security controls of IT infrastructure to meet ever expanding security threats, regulatory and other requirements
• Staying vigilant of the latest security threats, regulations, advisories, alerts and vulnerabilities pertaining to the IT environment and initiating appropriate action with the IT management
• Implementation of new IT security projects as identified by management
• Assist in development and support enforcement of IT policy, procedures and standards
• Participate in Technical evaluation committees.

Applicant’s Profile :
• Bachelor’s degree in Computer Engineering / Computer Science / Information Security / Information Technology, specializing in Information Security or Cyber Security
• Professional Qualifications such as GISP, SSCP, CEH, RHCSA, MCSA
• 4 years’ experience as an Information Security Engineer in a reputed organization, preferably in the financial sector or an information security firm
• Hands-on experience with VA/PT tools, security reviews, vulnerability analysis and reporting
• Strong knowledge of network applications and protocols and their associated security implications (TCP / IP, HTTP, TLS, SSH, DDNS, etc.)
• Understanding of security technologies such as firewalls, VPN, PKI, cryptography, antivirus, IPS / IDS, end point security, WAF, MDM
• Exposure to system and network security administration – exposure to various networking products, security products, databases and operating systems
• Knowledge of Windows and Linux environments
• Functional knowledge of technologies like SQL, IIS, Windows, Linux, and MAC
• Strong, in-depth analytical and problem-solving skills
• Strong work ethics with attention to detail

The successful candidate will be provided with an attractive remuneration package, including fringe benefits commensurate with benchmarked financial institutions.
Applications with all relevant information should be submitted to reach the under-mentioned within 10 days of this advertisement with the respective post marked as the subject by e-mail.
Deputy General Manager – HRM Commercial Bank of Ceylon PLC Email: Web site :
All applications will be treated with strict confidence. Canvassing in any form will result in immediate disqualification.