IT Security Executive

The Bank is seeking to recruit an IT Security Executive to join its Information Technology Unit.  

If you are interested in joining the Bank’s team and satisfy the requirements outlined hereunder, then we are interested in you. 

Who we are

We are a leading financial institution, a key player in the Maltese market and part of a highly diversified multi-national group of companies. Employing a team of over 200 employees, the Bank offers a full range of lending and savings solutions to both personal and business customers. We strive to offer a highly personalised service through our network of twelve retail branches spread across the Maltese Islands. 

We are a team of inspired people who believe that opportunities start with a conversation.


Duties and Responsibilities

In this hands-on role, the IT Security Executive will be part of our IT team, focusing on managing operational IT Security and liaising with other members of the IT team as well as other IT Security offices and entities, both locally and internationally. The IT Security Executive will drive the organisation's Systems and Infrastructure from an IT Security perspective.

You will be responsible to:

  • review the IT Security Corporate Information policy, which forms the IT Security foundations for the Bank, as well as create and review other security policies and procedures as required from time to time to remain compliant with IT security standards, specifically ISO27001 and other IT Security best practices in all IT environments and systems;
  • carry out day-to-day monitoring and controls including follow-up on anti-malware, patch management, software updates, encryption, other end-point devices, particularly mobile devices and usage of unlicensed software alerts;
  • coordinate and provide IT Security Awareness programs;
  • investigate and follow-up on IT Security incidents;
  • work and liaise on technical IT Security projects, both on the IT Infrastructure and IT Systems areas;
  • provide guidance to address security findings from IT Security reviews and penetration testing;
  • identify technical vulnerabilities and define remediation measures, with the goal to create, review and update IT security related operational procedures;
  • report IT Security findings by providing regular reports and following up on related findings;
  • keep up to date with IT Security practices and technological advances in this field;
  • create and maintain comprehensive IT Security documentation;
  • perform research and drive IT security best practices on internally developed software;
  • perform research and recommend appropriate security protection products and services including server log management tools, event management tools, intrusion detection and intrusion prevention tools, data loss protection, data loss prevention tools, as well as other advanced technologies like the use of artificial intelligence in the IT security field;
  • carry out and coordinate any technical IT Security assessments. These, amongst others, include:
    • VISA assessment (to define, implement and report on VISA security controls);
    • SWIFT assessment (to define, implement and report on SWIFT security controls);
    • Security around newly requested software;
    • IT Risk assessment related to technology implementation.

Competencies and experience

The potential candidate should be reliable and trustworthy, well-organised with a disposition to learn and have a team-oriented approach.

You must:

  • as a minimum, hold an IT degree, ideally specialising in the IT Infrastructure and/or IT Security area, and/or be in the process of obtaining an IT Security related certification such as CEH, CISM, CISSP or equivalent;
  • have a minimum of 3 years' experience working in the IT field, with a minimum of 1 year's experience in the IT Security field;
  • have strong analytical skills and excellent verbal and written communication skills;
  • have a strong command of the English language; and
  • be a great team-player.

Technical Skills 

You must:

  • have practical knowledge of Microsoft Active Directory, SCCM, Microsoft SQL server and IIS;
  • have practical knowledge of Symantec End-Point Protection, ideally with knowledge of other cloud service add-ons like Web Services Security (WSS);
  • have practical knowledge of Microsoft Server and desktop environments. Other non-Windows environments, such as Red Hat Linux and other variants of this OS will be considered an asset;
  • have practical knowledge of Microsoft Azure environments and particularly Microsoft O365 environments, with a focus on the Security and Compliance centre. Knowledge should also encompass Microsoft Intune;
  • have practical experience in conducting internal penetration testing and reporting on the findings;
  • have experience with virtualization;
  • have experience with network security components such as, but not limited to, Cisco ASA Firepower and other application security features;
  • have experience with scripting languages, particularly Windows PowerShell;
  • have knowledge of the entire TCP/IP and OSI network protocol stack, such as IP, TCP, ICMP, UDP, SMTP, POP3, HTTP, FTP and SSH; and
  • have knowledge of cryptography algorithms and protocols.

How to apply

If you want to be part of our team, we invite you to send us a detailed CV highlighting your achievements. Applications should reach the Bank only by email on



©2023 - BNF Bank p.l.c. – All Rights Reserved.
BNF Bank p.l.c. is a credit institution licensed by the MFSA to undertake the business of banking in terms of the Banking Act 1994.