Senior Officer - Information Security
Job Description
Job Purpose:
responsible for enforcing Bank&aposs information security policies and the coordination of information security efforts across the Bank. Working with IS management, Senior Officer Information Security will coordinate the process to build a Bank-wide information security strategy and vision.Senior Officer Information Security will also oversee the creation and maintenance of Bank&aposs information security policy, leads security risk assessment efforts, and develop the security awareness and training programs. Senior Officer Information Security will also advise and collaborate with various departments or units on chain of trust agreements, business continuity and disaster recovery plans, audit and governmental compliance practices.
Duties and Responsibilities:
Identify and develop areas where information security policies and procedures require creation or update; confer with management, developers, auditors, facilities and other business unit personnel to identify and security for data, software applications, hardware, telecommunications, and computer installations
Manage and administer Information Security tools, including Data Loss Prevention (DLP), Qualys vulnerability management across various modules, and Endpoint Detection and Response (EDR), ensuring optimal performance, compliance with security standards, and timely resolution of issues.Support the Security Operations Center (SOC) by assisting in security event monitoring, incident detection, analysis, and response activities, as well as coordinating with relevant teams for timely remediation and reporting.
Regularly conduct various security assessments, including but not limited to access control reviews, vulnerability assessments, configuration audits, and compliance checks to proactively identify and address potential risks and vulnerabilities.
Implement and manage Microsoft Azure Security Products
Advise the IS management on risk issues that are related to information security and recommend actions in support of the Banks wider risk management programs.
Integrate and assess cloud security applications
Identify key security programs and coordinate with various departments and branches must be involved in building a comprehensive information security program.
Provide guidance and advocacy regarding prioritization of infrastructure that impacts security.
Act as ombudsman for disputes, requests for exceptions, and complaints regarding bank wide information systems security policy, practices, and related issues.
Act as the primary control point during significant information security incidents.
Provide risk assessment and security briefings related to security issues; manage IT security awareness and training programs and activities and advise resource owners on the formation of appropriate security policies.
Conduct periodic assessments and regular monitoring of information security controls and practices to ensure compliance with NESA requirements.
Manage the development, implementation, and maintenance of the Banks information security policy, standards, and guidelines
Work with Manager Information Security on Bank&aposs Internal Audit to ensure that departments consider information security risks in both ongoing and planned operations.
Monitor information security trends internal and external to the Bank and keep IS management informed about information security-related issues and activities affecting the Bank.
Understand potential threats, vulnerabilities, and control techniques and communicate the information to IT system & network administrators.
Assist Banks departments or units as necessary to investigate security breaches and pursue associated disciplinary and legal matters.
Work with Internal Audit, the IS management and outside consultants as appropriate on required security audits.
Work on the development and enforcement of information security and privacy policies in compliance with UAE federal Law regulations and standards.
Consult with Internal Departments & Branches on information security
Monitor and report on Bank&aposs information security activities and compliance
Other duties may be assigned
Education Level Required:
Bachelors or masters degree in information systems or any related field.
Professional / Technical Qualifications / Diplomas:
Cyber Security Products Training or Certifications Cisco Certifications Microsoft Certifications CISA/CISSP certification
Experience:
5 - 7 years of experience in related industry
Other Skills Required for the Job:
In-depth knowledge and understanding of information security and technology infrastructure.
In-depth experiences in NESA requirements Implementation
Security Experiences in Cloud Apps and Microsoft Azure Products implementation
In-depth experience in developing information security policies in line with NESA Requirements
Analytical ability and innovative thinking.
Excellent communication skills.
Flexibility in handling tasks (multi-tasking).
Software Development Life Cycle experience