CreditBank PNG is recruiting a suitable candidate for the role of Information Security (SOC) Analyst.

The Information Security (SOC) Analyst is accountable and responsible for oversight, monitoring and analysing threats & vulnerabilities and responding to security events and incidents by effectively identifying, detecting, preventing, responding to internal and external threats and recovering Credit Corporation’s Enterprise IT systems and data to its normal state.

Primary Responsibilities:

Organization

• Operationalize Credit Corporation’s information security strategy and roadmap within the budget to improve and maintain CC’s security maturity at an agreed and acceptable level; protecting CC’s information assets and ensuring business resiliency.
• Manage Information Security Risk within Risk Appetite Statement.

Individual

• Contribute to the operationalization and update of Information Security Strategy, Architecture Design, Policies, Procedures, Standards and guidelines.
• Daily monitoring & oversight of remediation (by 1^st Line Defense) of detected security vulnerabilities, threats and security incidents from related security technology (SIEM, VM Tool, End-Point Protection, WAF, IDS/IPS Web Security, Email Security) and from Managed Security Service Provider for MDR and VMaaS.
• Prompt, active and timely coordination of Information Security Incidents Response Lifecycle (Preparation, Detection and Analysis, Containment, Eradication and Recovery and Post-Event Activity); engaging relevant and critical stakeholders using the relevant tools, techniques and playbooks (including but not limited to SIEM, SOAR).
• Undertake regular technical vulnerability assessments of Credit Corporation’s ICT Enterprise environment including ad-hoc assessments of potential vulnerabilities in technology changes and new implementation or integration.
• Oversight & testing of SLAs, RTOs and RPOs to ensure business continuity & resilience in the event of a data breach or security incident.
• Oversight of regular implementation of upgrades and patching by 1^st Line of Defense.
• Provide support & consultation with IT, People & Culture, Legal, Compliance, ERM and other stakeholders as required for business resiliency & preparedness in BCM, IT DRP, Crisis Management.
• Provide support & consultation with audits, reviews, assessments and sensitive investigations/operational incidents (as required) within agreed scope.
• Staying connected and informed of latest information security and technology trends, threats, threat actor motives, threat targets and attack behaviors through internal sources (intel sharing, indicators of compromise) and external sources (contextual news and updates).
• Actively be knowledgeable of known and emerging security threats and techniques used in security related attacks in Technology and in Banking Industry.
• Maintain required levels of technical competency and continuous development through IDP.
• Comply to Regulatory, Legislative & Industry Information Security Programs, Standards and Frameworks (where mandated) such as PCI DSS, SWIFT CSCF & BPNG REPS.
• Actively participate and be an advocate of Information Security Awareness and drive a security-aware culture in Credit Corporation. Lead by example.
• Compile and provide regular reporting to CRO, IT Management, Board Risk & Compliance Committee, Risk Forums, Group Risk Oversight Committee, ExCo, and CC Group Board as required.
• Always establish and maintain effective professional working relationships with your co-workers and staff upholding the Credit Corporation values, mission and vision.

Personal Qualities and Requirements

• General technical knowledge of information security frameworks, practices and concepts.
• General technical Knowledge of Information technology & communication.
• Technically knowledgeable and/or skilled in OSI Model, IT infrastructure, cloud-native solutions, IoT architectures, application development methodology and frameworks, database technologies, web technologies, network architecture, enterprise architecture, and active directory services.
• Security technology acumen and experience including but not limited to: firewall, intrusion detection, security tools and defences, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, multi factor authentication.
• High analytical skills required to analyse defects and spot trends.

Expected Behaviours

• Communicate with Respect, Equality & Open-mindedness.
• Take initiative & speak up.
• Take constructive feedback
• Be accountable and take ownership.
• Connect with others to achieve shared success.
• Detailed oriented.
• Good analytic skills.

Formal Qualifications:

• Degree in Information Technology or other related fields.

Application process:

If you think you have what it takes to be in this role, we would like to hear from you.

Applications close on Friday, 6^th March 2026, and must provide the following:

• A cover letter.
• A current CV with the names of three (3) contactable referees

Applications must be addressed to:

The Head of People & Culture

Credit Corporation (PNG) Limited

P O Box 1787

Port Moresby, 121

National Capital District

Applications must be emailed to [email protected]