Requirements

Additional Requirements

• Proficiency in auditing IT systems, network infrastructure, and core banking applications.

• Knowledge of Bangladesh Bank's ICT Risk Management Guidelines, cyber security, and AML/CFT systems.

• Expertise in access controls, data integrity, system changes, and disaster recovery.

• Strong analytical skills for identifying IT risks and recommending corrective actions.

• 09-12 years of experience in IT auditing, information security, or related fields for the position of Senior Principal Officer/ Assistant Vice President.

• 5-6 years of experience in IT auditing, information security, or related fields for the position of Principal Officer.

• 3-5 years of experience in IT auditing, information security, or related fields for Senior Executive Officer/ Executive Officer.

Responsibilities & Context

National Bank Limited, recognized as a visionary and forward-thinking first generation private sector Commercial Bank, is committed actively playing a substantial and proactive role in fostering the economic growth of our country. Our Bank boasts an extensive network encompassing 221 branches and 65 sub-branches across the nation, further bolstered by a significant global presence through our wholly owned subsidiaries and strategic partnerships.

We are seeking dynamic and experienced IT professionals to join our leadership team and inviting application from dynamic, proactive, self-motivated, talented and experienced professional with proven record of accomplishments in the related field with requisite academic qualifications for the following position of the Bank.

Responsibilities:

• Assess the effectiveness, reliability, and security of the bank’s IT systems, including core banking applications, databases, and network infrastructure.

• Ensure compliance with Bangladesh Bank’s guidelines, including ICT policies, data protection standards, and cyber security requirements.

• Conduct risk-based audits focusing on critical IT functions such as system access controls, data integrity, system change management, and disaster recovery plans.

• Identify vulnerabilities in IT systems, including network security, application controls, and server configurations, and recommend corrective actions.

• Review the bank’s cyber security framework, including firewalls, intrusion detection systems, and antivirus protections, to mitigate cyber threats.

• Ensure compliance with data privacy regulations by auditing practices related to the storage, transmission, and processing of sensitive information.

• Evaluate the bank’s ICT governance policies, ensuring alignment with Bangladesh Bank's ICT Risk Management Guidelines and global best practices.

• Audit user access controls, ensuring that only authorized personnel have access to critical systems and that segregation of duties is maintained.

• Assess the adequacy of the bank’s disaster recovery plan and business continuity plan, ensuring they are tested regularly and capable of handling disruptions.

• Evaluate the bank’s response to IT incidents, including cyber attacks and data breaches, ensuring compliance with incident reporting protocols.

• Prepare comprehensive audit reports on IT risks, control weaknesses, and compliance gaps, providing recommendations for corrective actions.

• Perform data analysis with appropriate CAAT.

• Work closely with the IT department and cyber security teams to understand system architecture and address identified weaknesses.

• Ensure corrective actions are implemented and verify their effectiveness through follow-up audits.

• Audit IT systems used for AML/CFT compliance, ensuring accurate monitoring, reporting, and alert generation.

• Conduct training for IT staff on compliance, cyber security, and risk management to strengthen the bank’s IT control environment.

• Liaise with Bangladesh Bank during IT audits and inspections, providing required documentation and responses to findings.

• Be responsible for ensuring accurate reporting of IT-related risks and compliance, taking ownership of any lapses arising from inadequate audits.