Job Purpose:
The IT Security Manager is responsible for the implementation and operational management of security controls, ensuring the bank's IT infrastructure, systems, and applications are securely configured and maintained. This role focuses on technical security implementations, endpoint protection, vulnerability management, secure configurations, and security operations support, working closely with the Information Security team to ensure adherence to policies, procedures, regulatory frameworks and the bank’s overall security strategy.
Key Accountabilities
1. Security Implementation & Operations
- Deploy, configure, and maintain security solutions (firewalls, endpoint protection, email security, data encryption, etc.).
- Ensure secure configurations of IT systems, including servers, databases, networks, and endpoints.
- Work with IT teams to embed security best practices into infrastructure and application deployments.
2. Vulnerability & Patch Management
- Ensure regular vulnerability scans on IT systems and coordinate with IT teams to remediate findings.
- Manage the patch management process, ensuring timely updates to eliminate security risks.
- Ensure compliance with secure baseline configurations (e.g., CIS benchmarks, hardening guidelines).
3. Identity & Access Management (IAM)
- Support the integration of IAM solutions with existing IT infrastructure and applications.
- Support periodic access reviews in coordination with the Information Security team.
4. Security Operations Support
- Collaborate with the Security Operations Centre (SOC), ensuring IT teams provide necessary logs and telemetry for threat detection.
- Support the incident response process by providing technical assistance during security incidents.
- Implement security monitoring tools (e.g., endpoint detection and response – EDR) and ensure log collection and integrity.
5. Compliance & Audit Support
- Implement security controls required by the bank’s regulators’ frameworks (SAMA, NCA, CBB, CBUAE, CBO and other regulatory bodies).
- Assist in internal and external IT security audits, addressing findings related to infrastructure security.
- Maintain IT security documentation and technical security standards.
6. Cloud & Application Security
- Ensure secure cloud configurations for IaaS, PaaS, and SaaS environments (AWS, Azure, OCI, etc.).
- Work with developers to integrate security into CI/CD pipelines (DevSecOps) and cloud environments.
- Support the implementation of Web Application Firewalls (WAFs) and API security solutions.
Qualifications, Experience and Skills
Qualifications:
A bachelor’s degree in computer science, information systems (or a related field), or equivalent experience is required.
Professional Certifications:
Certifications (Preferred): CISSP, CISM, CEH, Microsoft/AWS Security Certifications, or equivalent.
Experience:
- 7+ years of experience in IT security operations, system hardening, and security implementations.
- Hands-on experience with firewalls, IDS/IPS, endpoint security, SIEM integration, and IAM solutions.
- Strong knowledge of Windows/Linux security, network security, cloud security, and vulnerability management.
- Experience in incident response and forensic analysis is a plus.
Skills:
- Technical Expertise – Deep understanding of IT security technologies and infrastructure security.
- Problem-Solving & Troubleshooting – Ability to quickly identify and mitigate security risks.
- Collaboration & Stakeholder Management – Works effectively with IT teams, SOC, and Information Security.
- Adaptability & Continuous Learning – Keeps up with evolving security threats and best practices.