• Organization and management of a team of information security specialists. • Development and implementation of strategies to ensure the security of information systems and data. • Conducting information security audits and analyzing identified vulnerabilities. • Conducting risk analysis and information security audits, developing recommendations for their elimination, including audits in accordance with PCI DSS requirements. • Implementation and maintenance of protection systems against external threats. • Training of personnel on information security issues and monitoring compliance with the security policy. • Implementation and support of information security tools (SIEM, antivirus software, etc.).

• Audit of internal regulatory documents on information security for their sufficiency and compliance with the requirements of the legislation of the Kyrgyz Republic and regulatory legal acts of the National Bank • Audit and assessment of the security level of the network, operating systems, applications and databases, personnel and physical security • Audit and evaluation of access control and role allocation systems in automated systems • * Audit and evaluation of quality management systems of business processes and operational risk management systems • Audit assessment of the level of awareness of the bank's staff in the field of information security • Audit of the bank's strategic documents, business plans, policies and procedures for risk management of information systems in order to assess their adequacy, sufficiency and relevance • Creation of reports and recommendations on identified vulnerabilities and ways to eliminate them

• * Identification of possible information security threats, software and hardware vulnerabilities, development of intrusion detection technology • Monitoring and analysis of information security events • Accounting for information security incidents, including those committed by the bank's staff, and prepares information for the bank's management • Participation in the development of internal regulatory documents in the bank in terms of ensuring information security • Investigation and response to information security incidents • Keeping records of persons in possession of information constituting a banking or commercial secret • * Training of the Bank's employees on information security issues, raising the general level of awareness on information security issues

• Audit of internal regulatory documents on information security for their sufficiency and compliance with the requirements of the legislation of the Kyrgyz Republic and regulatory legal acts of the National Bank • Audit and evaluation of information systems business continuity management systems and information systems recovery plans in case of emergencies • * Audit and evaluation of OT process quality management systems and operational risk management system • Audit of internal policies/procedures of the bank's information systems approved by the bank's management • Creation of reports and recommendations on identified vulnerabilities and ways to eliminate them

• Detection of unauthorized access by users in the Bank's information systems and monitoring of privileged users • Identification of technical vulnerabilities in information systems, security systems, applications and databases using specialized software utilities or manually, analysis of the criticality levels of detected vulnerabilities with subsequent provision of recommendations for their solution and development of a corrective action plan • Detection of malicious software and their solutions • Identification and identification of the type of incidents related to software/hardware failure, configuration errors, etc. • Identification of vulnerabilities in security systems, applications and software with the use of specialized software utilities • Verification of compliance with the Bank's internal regulatory documents and NBKR requirements for ensuring information security in commercial banks of the Kyrgyz Republic • Analysis of audit recommendations from the NBKR, internal and external audit • Windows Update Center analysis by server segments and workstations • Monitoring and analysis of antivirus system events, responding to suspicious events and incidents • Analysis of system records, log files on all security events of the banking information system, server operating system • Monitoring password policies of critical systems • Conducting penetration testing of IT assets, identifying critical vulnerabilities and providing recommendations for their elimination • Prevention of unauthorized actions of intruders in relation to the server segments and workstations of the Bank • Development of technical solutions and new IT security tools that will help reduce security vulnerabilities and automate repetitive tasks • Development, implementation and control of IT security measures for computer systems and network/local infrastructures • Development, coordination and submission for approval to the Bank's management of regulations, manuals, procedures, job descriptions, as well as other documents in accordance with the Bank's internal regulatory documents • Preparation of reports to management on the work done

• Audit and evaluation of the effectiveness of information asset management processes * Identify problems in business processes and then submit proposals for their solution to higher management * Verification of compliance with internal regulatory documents and NBKR requirements * Identification of privileged users in information systems * Create reports and recommendations on identified vulnerabilities and how to fix them

• Monitor and analyze event logs, operating systems, and applications * Maintaining a list of information assets, updating them * Monitor and manage access in information systems and user privilege levels according to the access matrix * Monitoring the requirements of internal regulatory documents, creating a list of tasks for compliance with the requirements and their constant monitoring * Gap analysis of IT security controls and drawing up a corrective action plan to mitigate risks * Monitoring of antivirus systems, responding to suspicious events * Logging in the incident tracking system and categorizing them, escalating them, and providing a monthly report * Monitoring new vulnerabilities, analyzing criticality levels, and registering requests to fix them

• Receiving requests via communication channels, registering, categorizing, and tracking requests in the tracking system * Analysis of requests in the tracking system, search for root problems and their solution * Carrying out routine maintenance work * Analyze the SLA for requests, escalate significant and recurring issues to the system administration service, and provide a monthly report on KPIs * Maintaining procedures and instructions for the software used * Provide technical support for incoming requests from employees related to systems, software and hardware • Training of new technical support staff

• Receiving requests, troubleshooting and prompt solutions, and providing technical support to employees * Troubleshooting, diagnostics and solving technical problems with hardware and / or software * Maintaining and recording problems and solving them in the Service Desk system * Provide recommendations on processes for continuous improvement * Maintenance of technical documentation and service catalog for software installation, hardware configuration, and troubleshooting

Kyrgyz-German Faculty, Security of Automated Systems