As the implementation phase of Buna, formerly known as the Arab Regional Payment System (ARPS), project picks up momentum, we are looking for a responsible Information Security Officer- Buna to join our founding team. Duties of the Information Security Officer include developing and managing Buna’s information security policies & strategy to protect Buna from security threats and cyber-attacks. The job holder is also responsible for ensuring operational compliance with all standards and regulations and driving business continuity. This position will report to the Chief Risk & Compliance Officer.
In this context, the following sections detail the main qualifications, skills and responsibilities related to this position:
Cyber Security Policies and PRocedures Development
- Develop and monitor a strategic, comprehensive enterprise information / cyber security risk management program (including strategy, policies, standards, processes, and guidelines) to ensure protection of Buna digital and data assets
- Create, maintain and publish up-to-date information security policies, standards and guidelines
- Ensure cyber security policies, procedures and best practices are communicated across the organization
Security Operations Implementation
- Implement and lead the strategy for managing and reporting security incidents and oversee investigations of reported security breaches
- Identify, manage, and minimize information security risks, and provide relevant and timely reports that drive business decisions
- Ensure appropriate administrative, physical and technical safeguards are in place to protect information assets from internal and external threats
- Identify, introduce and implement appropriate procedures to test technical safeguards on a regular basis
- Oversee the development and implementation of appropriate and effective controls to mitigate identified threats and risks
- Align the security and enterprise (reference) architectures, ensuring security requirements are implicit in these architectures
- Manage the daily operations for InfoSec architecture, engineering, operations center, secure development lifecycle, and governance functions across on-premise, hybrid cloud, and cloud capabilities
Information Security Program Management
- Report regularly on current status of the information security program
- Keep abreast of latest cybersecurity technologies and innovations
- Create and manage a targeted information security awareness training program
- Manage InfoSec vendor relationships and optimizing value from these relationships
- Research, investigate and implement measures that address data security risks and potential losses
Identity and Access Management
- Monitor and maintain application user access across the IT portfolio
- Maintain on time on-boarding and off-boarding for identified IT environments
Cybersecurity Incident Mitigation
- Follow-up on detected security issues and implement solutions to mitigate risks
- Oversee threat monitoring activities, take preventive actions and advise relevant stakeholders on the appropriate course of action and response to such threats
- Own the cybersecurity incident and vulnerability management processes from design to implementation
Threat Analysis and Monitoring
- Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters
Experience & Education
- 10+ years of experience in IT, with at least 5+ years in Information Security, preferably in banking
- Prior experience developing and maintaining an information security program
- Experience with information security frameworks
- Graduate degree from a reputable university preferably in computer science or any related field
- Relevant security certifications (CISA, CISM, CERT, CISSP, GSEC, CCSP, GIAS, CEH or OCSP) are preferred
Skills
- Knowledge of information security frameworks, cyber security policies and procedures, statutory and regulatory compliance, security operations, cybersecurity incident response, identity and access management and further threat analysis and monitoring
- Excellent communication skills (oral and written) with ability to effectively communicate by telephone, face to face, email and written
- Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint)
- Excellent organization and time management skills, and ability to work on own initiative, accurately to tight deadlines, and to prioritize between conflicting demands
- Ability to handle multiple tasks with tight deadlines simultaneously
- Effective team player and excellent relationship building skills with ability to demonstrate a high level of discretion and positive attitude with all internal and external stakeholders
- Ability to maintain the highest level of confidential/sensitive information and professionalism
- Flexibility and readiness to work beyond regular working hours and as required
Languages
- Fluent in English & Arabic