To participate in the development and implementation of an effective cyber security strategy with technical plans and operational procedures for ensuring the protection of banks’ information assets by the company vision, and regulatory requirements in the short, medium, and long terms. Further, the role will be responsible for ensuring the security operations, monitoring, incident response and investigation are well executed for lowering the risk over the organization’s infrastructure and business operations.
Responsibilities:
Ensure that protection and detection capabilities are aligned with the organization's cybersecurity strategy, policies, and regulations such as PCI, NCA, SAMA, CBB, UAECB and other related documentation, and further periodically review the mentioned to promote continuous collaboration across the organization.
Collaborate with stakeholders to ensure business continuity and disaster recovery programs meet organizational requirements in line with the BCM framework.
Ensure to track audit and GRC findings and recommendations about Cybersecurity defence areas and ensure that appropriate mitigation actions are taken promptly.
Support audit engagements about Security operation monitoring and incident response areas.
Effectively track crucial processes such as vulnerability management, application whitelisting, DLP management, firewall reviews, managing SOC and incident response policies, procedures and standards.
Participate in managing financial aspects of cybersecurity, including budgeting and resourcing.
Ensure that appropriate actions are taken to mitigate the risk in the event of a cybersecurity incident and highlight all issues, concerns and resolutions. Further, correlate incident data to identify vulnerabilities.
Design, implement and review the effectiveness of technical security controls as per their domain. Recommend cost-effective security controls to mitigate risks identified through testing and review. Furthermore, manage and monitor the updating of rules, and signatures for relevant controls and manage their documentation.
Lead projects and initiatives for implementations of security controls and improvements. Support business projects and ensure the security requirements related to cyber defense are included.
Keep track of SLA, KPIs, and KRIs about Cybersecurity defence.
Oversee and manage security operation monitoring function, by using continuous monitoring tools to assess risk on an ongoing basis.
Support authorized penetration testing of infrastructure and assets.
Oversee and manage the incident response process. Further, ensure that appropriate actions are taken to mitigate the risk.
Skills & Responsibilities:
University degree in Computer Science, Information Systems or Information Technology or a related discipline or equivalent experience. Technical expertise with a business understanding of the subject matter.
Preferably has one or more certifications like CISSP, CISM, CISA, GIAC, Security+
10 years of progressive experience in a security analyst/technical security and managerial role, preferably in a Bank.
Strong knowledge of IT Systems, demonstrated analytical ability, strong written & oral communication/presentational skills; good time-management skills; self-motivation and leadership attributes; people management and relationship skills.
Technical Skill: Determining the normal operational state for security systems and how that state is affected by change. Developing policies which reflect the organization's business and cybersecurity strategic objectives, designing the integration of hardware and software solutions, system, network and OS hardening techniques.