Information Security Officer

As the implementation phase of the Buna project, formerly known as the Arab Regional Payment System (ARPS), picks up momentum, we are looking for a responsible Information Security Officer - Buna to join our founding team. Duties of the Information Security Officer include developing and managing Buna’s information security policies & strategy to protect Buna from security threats and cyber-attacks. The job holder is also responsible for ensuring operational compliance with all standards and regulations and driving business continuity. This position will report to the Chief Risk & Compliance Officer.

In this context, the following sections detail the main qualifications, skills and responsibilities related to this position:

Key Responsibilities

Cyber Security Policies and Procedures Development

  • Develop and monitor a strategic, comprehensive enterprise information / cyber security risk management program (including strategy, policies, standards, processes, and guidelines) to ensure protection of Buna’s digital and data assets
  • Create, maintain and publish up-to-date information security policies, standards and guidelines
  • Ensure cyber security policies, procedures and best practices are communicated across the organization

Security Operations Implementation

  • Implement and lead the strategy for managing and reporting security incidents and oversee investigations of reported security breaches
  • Identify, manage, and minimize information security risks, and provide relevant and timely reports that drive business decisions
  • Ensure appropriate administrative, physical and technical safeguards are in place to protect information assets from internal and external threats
  • Identify, introduce and implement appropriate procedures to test technical safeguards on a regular basis
  • Oversee the development and implementation of appropriate and effective controls to mitigate identified threats and risks
  • Align the security and enterprise (reference) architectures, ensuring security requirements are implicit in these architectures
  • Manage the daily operations for InfoSec architecture, engineering, operations center, secure development lifecycle, and governance functions across on-premise, hybrid cloud, and cloud capabilities

Information Security Program Management

  • Report regularly on current status of the information security program
  • Keep abreast of latest cybersecurity technologies and innovations
  • Create and manage a targeted information security awareness training program
  • Manage InfoSec vendor relationships and optimize value from these relationships
  • Research, investigate and implement measures that address data security risks and potential losses

Identity and Access Management

  • Monitor and maintain application user access across the IT portfolio
  • Maintain on-time on-boarding and off-boarding for identified IT environments

Cybersecurity Incident Mitigation

  • Follow-up on detected security issues and implement solutions to mitigate risks
  • Oversee threat monitoring activities, take preventive actions and advise relevant stakeholders on the appropriate course of action and response to such threats
  • Own the cybersecurity incident and vulnerability management processes from design to implementation

Threat Analysis and Monitoring

  • Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters

Requirements

Experience & Education

  • 10+ years of experience in IT, with at least 5+ years in Information Security, preferably in banking
  • Prior experience developing and maintaining an information security program
  • Experience with information security frameworks
  • Graduate degree from a reputable university preferably in computer science or any related field
  • Relevant security certifications (CISA, CISM, CERT, CISSP, GSEC, CCSP, GIAS, CEH or OCSP) are preferred

Skills

  • Knowledge of information security frameworks, cyber security policies and procedures, statutory and regulatory compliance, security operations, cybersecurity incident response, identity and access management and further threat analysis and monitoring
  • Excellent communication skills (oral and written) with ability to effectively communicate by telephone, face to face, by email and in writing
  • Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint)
  • Excellent organization and time management skills, and ability to work on own initiative, accurately to tight deadlines, and to prioritize between conflicting demands
  • Ability to handle multiple tasks with tight deadlines simultaneously
  • Effective team player and excellent relationship building skills with ability to demonstrate a high level of discretion and positive attitude with all internal and external stakeholders
  • Ability to maintain the highest level of confidentiality of sensitive information and of professionalism
  • Flexibility and readiness to work beyond regular working hours and as required

Languages

  • Fluent in English & Arabic