To develop, coordinate and execute an Information Security Management System (ISMS) across the organization, ensuring that the highest standards of information security are set up and maintained in the bank in accordance with technical and regulatory requirements.
Key Result Areas:
Establish an Information Security Management System (ISMS) to protect the bank’s information assets in accordance with a determined risk profile
Lead security strategy planning, ensure that security is addressed as a business requirement across the bank, facilitate improvements in information security posture and act as primary liaison for Bank’s information security vision.
Development, documentation and implementation of security policies, procedures, infrastructure security baselines and standards for the organization
Serve as a recognized risk management leader and expert advisor to executive management, proactively communicating the risks and controls involved in protecting the privacy and security of information related to the business and operational systems environment.
Ensure that bank-wide security policies and standards align with the business; are documented, periodically reviewed, updated and distributed to appropriate individuals. Partner with the business units, legal, human resources, security personnel, internal audit and executive management in the development of these policies to ensure information technology resources are secure and available and information is safe and private.
Monitor compliance with the organization’s security policies and procedures among employees, consultants and other third parties and refer problems to appropriate department managers or administrators.
Perform information security risk assessments for existing/new applications and serve as an internal auditor for security issues
Reviewing the Security Architecture and mechanisms, and recommending cost-effective changes to the existing structure
Handling incident response and the reporting of IT / IS security breaches in the organization, and driving appropriate changes
Initiate, facilitate, and foster activities to create information security awareness within the organization
Coordinating internal Information Systems and Security audits, to ensure compliance of existing systems with prescribed standards and policies (internal & external)
Steering the design & implementation of Security solutions addressing perimeter, end points, network and services.
Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
Providing consultation on Information Security standards and Industry best practices.
Pursue Bank-wide information security initiatives to address unique needs in identity protection, mobile and social media security, and the online reputation program.
Review all system-related security plans throughout the organization’s network, acting as a liaison to Information Systems
Assist the management on Information Security Strategy, security budgeting, projects, etc.
Assist/enable the business to comply with regulatory requirements on information security globally, such as FSA, FFIEC, GLBA, RBI, QCB, ESCA, UAE Central Bank, UBF, Bahrain Central Bank, Kuwait Central Bank, etc.
Align security practices/procedures to the well-known information security standards/guidelines such as ISO27001, PCI/DSS, NIST, etc.
Engage team members through coaching, training and awareness programmes to ensure risk methodologies are effectively communicated across the enterprise
Establishing sound security practices covering the critical areas.
Identification and remediation of critical security issues
Conduct security risk assessments for the information assets including 200+ applications, 2000 servers, 6000 desktops and 700+ network/security devices
Ensure Information security risks are identified and managed
Implement access authorization process for infrastructure related controls and conduct periodic reviews
Develop an 'early warning' mechanism to avoid surprises in the future.
Knowledge, Skills & Experience:
15-20 years of relevant experience in a banking environment.
Sound knowledge of the IT environment, including infrastructure, systems, databases, processes, etc.
Experience in User Behavior Analysis, Data Analytics and Digital Forensics is a must.
Relevant experience in all the security domains/areas, including governance, policies and procedures, security incident response, security management, etc.
Professional security certifications such as CISSP, CISA, CISM, CEH, SANS, ISO27001 Lead Auditor, CRISC, CRP, etc., are desirable.
Strong interpersonal, analytical and technical skills.