Introduction
As the implementation phase of the Buna project, formerly known as the Arab Regional Payment System (ARPS), picks up momentum, we are looking for a responsible Information Security Officer - Buna to join our founding team. Duties of the Information Security Officer include developing and managing Buna’s information security policies & strategy to protect Buna from security threats and cyber-attacks. The job holder is also responsible for ensuring operational compliance with all standards and regulations and driving business continuity. This position will report to the Chief Risk & Compliance Officer.
In this context, the following sections detail the main qualifications, skills and responsibilities related to this position:
Job Responsibilities
Cyber Security Policies and Procedures Development
- Develop and monitor a strategic, comprehensive enterprise information / cyber security risk management program (including strategy, policies, standards, processes, and guidelines) to ensure protection of Buna digital and data assets
- Create, maintain and publish up-to-date information security policies, standards and guidelines
- Ensure cyber security policies, procedures and best practices are communicated across the organization
Security Operations Implementation
- Implement and lead the strategy for managing and reporting security incidents and oversee investigations of reported security breaches
- Identify, manage, and minimize information security risks, and provide relevant and timely reports that drive business decisions
- Ensure appropriate administrative, physical and technical safeguards are in place to protect information assets from internal and external threats
- Identify, introduce and implement appropriate procedures to test technical safeguards on a regular basis
- Oversee the development and implementation of appropriate and effective controls to mitigate identified threats and risks
- Align the security and enterprise (reference) architectures, ensuring security requirements are implicit in these architectures
- Manage the daily operations for InfoSec architecture, engineering, operations center, secure development lifecycle, and governance functions across on-premise, hybrid cloud, and cloud capabilities
Information Security Program Management
- Report regularly on current status of the information security program
- Keep abreast of latest cybersecurity technologies and innovations
- Create and manage a targeted information security awareness training program
- Manage InfoSec vendor relationships and optimize value from these relationships
- Research, investigate and implement measures that address data security risks and potential losses
Identity and Access Management
- Monitor and maintain application user access across the IT portfolio
- Maintain on-time on-boarding and off-boarding for identified IT environments
Cybersecurity Incident Mitigation
- Follow-up on detected security issues and implement solutions to mitigate risks
- Oversee threat monitoring activities, take preventive actions and advise relevant stakeholders on the appropriate course of action and response to such threats
- Own the cybersecurity incident and vulnerability management processes from design to implementation
Threat Analysis and Monitoring
- Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters
Qualifications and Skills
Experience & Education
- 10+ years of experience in IT, with at least 5+ years in Information Security, preferably in banking
- Prior experience developing and maintaining an information security program
- Experience with information security frameworks
- Graduate degree from a reputable university, preferably in computer science or any related field
- Relevant security certifications (CISA, CISM, CERT, CISSP, GSEC, CCSP, GIAS, CEH or OCSP) are preferred
Skills
- Knowledge of information security frameworks, cyber security policies and procedures, statutory and regulatory compliance, security operations, cybersecurity incident response, identity and access management and further threat analysis and monitoring
- Excellent communication skills (oral and written) with the ability to communicate effectively by telephone, face to face, by email and in writing
- Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint)
- Excellent organization and time management skills, and ability to work on own initiative, accurately to tight deadlines, and to prioritize between conflicting demands
- Ability to handle multiple tasks with tight deadlines simultaneously
- Effective team player and excellent relationship building skills with ability to demonstrate a high level of discretion and positive attitude with all internal and external stakeholders
- Ability to maintain the highest level of confidentiality and professionalism when handling confidential/sensitive information
- Flexibility and readiness to work beyond regular working hours as required
Languages
- Fluent in English & Arabic