Information Security Officer - Arab Monetary Fund

Introduction

As the implementation phase of Buna formerly known as the Arab Regional Payment System (ARPS) project picks up momentum we are looking for a responsible Information Security Officer Buna to join our founding team. Duties of the Information Security Officer include developing and managing Bunas information security policies & strategy to protect Buna from security threats and cyberattacks. The job holder is also responsible for ensuring operational compliance with all standards and regulations and driving business continuity. This position will report to the Chief Risk & Compliance Officer.

In this context the following sections detail the main qualifications skills and responsibilities related to this position:

Job Responsibilities

Cyber Security Policies and PRocedures Development

• Develop and monitor a strategic comprehensive enterprise information / cyber security risk management program (including strategy policies standards processes and guidelines) to ensure protection of Buna digital and data assets
• Create maintain and publish uptodate information security policies standards and guidelines
• Ensure cyber security policies procedures and best practices are communicated across the organization

Security Operations Implementation

• Implement and lead the strategy for managing and reporting security incidents and oversee investigations of reported security breaches
• Identify manage and minimize information security risks and provide relevant and timely reports that drive business decisions
• Ensure appropriate administrative physical and technical safeguards are in place to protect information assets from internal and external threats
• Identify introduce and implement appropriate procedures to test technical safeguards on a regular basis
• Oversee the development and implementation of appropriate and effective controls to mitigate identified threats and risks
• Align the security and enterprise (reference) architectures ensuring security requirements are implicit in these architectures
• Manage the daily operations for InfoSec architecture engineering operations center secure development lifecycle and governance functions across onpremise hybrid cloud and cloud capabilities

Information Security Program Management

• Report regularly on current status of the information security program
• Keep abreast of latest cybersecurity technologies and innovations
• Create and manage a targeted information security awareness training program
• Manage InfoSec vendor relationships and optimizing value from these relationships
• Research investigate and implement measures that address data security risks and potential losses

Identity and Access Management

• Monitor and maintain application user access across the IT portfolio
• Maintain on time onboarding and offboarding for identified IT environments

Cybersecurity Incident Mitigation

• Followup on detected security issues and implement solutions to mitigate risks
• Oversee threat monitoring activities take preventive actions and advise relevant stakeholders on the appropriate course of action and response to such threats
• Own the cybersecurity incident and vulnerability management processes from design to implementation

Threat Analysis and Monitoring

• Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters

Qualifications and Skills

Experience & Education

• 10 years of experience in IT with at least 5 years in Information Security preferably in banking
• Prior experience developing and maintaining an information security program
• Experience with information security frameworks
• Graduate degree from a reputable university preferably in computer science or any related field
• Relevant security certifications (CISA CISM CERT CISSP GSEC CCSP GIAS CEH or OCSP) are preferred

Skills

• Knowledge of information security frameworks cyber security policies and procedures statutory and regulatory compliance security operations cybersecurity incident response identity and access management and further threat analysis and monitoring
• Excellent communication skills (oral and written) with ability to effectively communicate by telephone face to face email and written
• Proficient in Microsoft Office (Outlook Word Excel and PowerPoint)
• Excellent organization and time management skills and ability to work on own initiative accurately to tight deadlines and to prioritize between conflicting demands
• Ability to handle multiple tasks with tight deadlines simultaneously
• Effective team player and excellent relationship building skills with ability to demonstrate a high level of discretion and positive attitude with all internal and external stakeholders
• Ability to maintain the highest level of confidential/sensitive information and professionalism
• Flexibility and readiness to work beyond regular working hours and as required

Languages

• Fluent in English & Arabic