As the implementation phase of Buna, formerly known as the Arab Regional Payment System (ARPS), project picks up momentum, we are looking for a responsible Information Security Officer- Buna to join our founding team. Duties of the Information Security Officer include developing and managing Buna\xe2\x80\x99s information security policies & strategy to protect Buna from security threats and cyber-attacks. The job holder is also responsible for ensuring operational compliance with all standards and regulations and driving business continuity. This position will report to the Chief Risk & Compliance Officer.
In this context, the following sections detail the main qualifications, skills and responsibilities related to this position:
Job Responsibilities
Cyber Security Policies and PRocedures Development
Develop and monitor a strategic, comprehensive enterprise information / cyber security risk management program (including strategy, policies, standards, processes, and guidelines) to ensure protection of Buna digital and data assets
Create, maintain and publish up-to-date information security policies, standards and guidelines
Ensure cyber security policies, procedures and best practices are communicated across the organization
Security Operations Implementation
Implement and lead the strategy for managing and reporting security incidents and oversee investigations of reported security breaches
Identify, manage, and minimize information security risks, and provide relevant and timely reports that drive business decisions
Ensure appropriate administrative, physical and technical safeguards are in place to protect information assets from internal and external threats
Identify, introduce and implement appropriate procedures to test technical safeguards on a regular basis
Oversee the development and implementation of appropriate and effective controls to mitigate identified threats and risks
Align the security and enterprise (reference) architectures, ensuring security requirements are implicit in these architectures
Manage the daily operations for InfoSec architecture, engineering, operations center, secure development lifecycle, and governance functions across on-premise, hybrid cloud, and cloud capabilities
Information Security Program Management
Report regularly on current status of the information security program
Keep abreast of latest cybersecurity technologies and innovations
Create and manage a targeted information security awareness training program
Manage InfoSec vendor relationships and optimizing value from these relationships
Research, investigate and implement measures that address data security risks and potential losses
Identity and Access Management
Monitor and maintain application user access across the IT portfolio
Maintain on time on-boarding and off-boarding for identified IT environments
Cybersecurity Incident Mitigation
Follow-up on detected security issues and implement solutions to mitigate risks
Oversee threat monitoring activities, take preventive actions and advise relevant stakeholders on the appropriate course of action and response to such threats
Own the cybersecurity incident and vulnerability management processes from design to implementation
Threat Analysis and Monitoring
Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters
Qualifications and Skills
Experience & Education
10+ years of experience in IT, with at least 5+ years in Information Security, preferably in banking
Prior experience developing and maintaining an information security program
Experience with information security frameworks
Graduate degree from a reputable university preferably in computer science or any related field
Relevant security certifications (CISA, CISM, CERT, CISSP, GSEC, CCSP, GIAS, CEH or OCSP) are preferred
Skills
Knowledge of information security frameworks, cyber security policies and procedures, statutory and regulatory compliance, security operations, cybersecurity incident response, identity and access management and further threat analysis and monitoring
Excellent communication skills (oral and written) with ability to effectively communicate by telephone, face to face, email and written
Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint)
Excellent organization and time management skills, and ability to work on own initiative, accurately to tight deadlines, and to prioritize between conflicting demands
Ability to handle multiple tasks with tight deadlines simultaneously
Effective team player and excellent relationship building skills with ability to demonstrate a high level of discretion and positive attitude with all internal and external stakeholders
Ability to maintain the highest level of confidential/sensitive information and professionalism
Flexibility and readiness to work beyond regular working hours and as required