JOB PURPOSE:
To ensure proper implementation of the required security controls and measures in accordance with the bank’s internal security policies, processes and compliance requirements. In addition to conduct regular scheduled scans and audits on the bank’s internal systems as required in order to maintain compliance certifications. Also, to ensure annual maintenance of the PCI-DSS certification, compliance with ISO27001, EU GDPR & other applicable standards and regulations.
KEY ACCOUNTABILITIES
1.Recommend changes to policies and procedures based on changes to regulations, standards or best practices ensuring that any security mandates are adequately implemented and reported such as ISO, PCI, SWIFT, CBE regulations, and other applicable standards.
2.Recommend and coordinate with the Security Operations Center for the security compliance monitoring requirements as needed such as File Integrity Monitoring, Database Activity Monitoring and others.
3.Ensure maintenance of all needed documentation supporting security compliance requirements, and audit issues for ongoing tracking and documentation.
4.Participate in Secure Development and Acquisition life cycle process to assess and identify areas of concern from security compliance perspective in line with regulations, standards and best practices.
5.Collaborate efforts with the Information Security Analysis Team to provide input to the security risk assessments and risk register, which will ensure all security compliance requirements are being considered and catered for.
6.Review and ensure the semi-annual firewall reviews are conducted to ensure compliance with PCI, Swift standards and the developed security policies.
7.Develop the necessary compliance use cases to support the different security controls and compliance requirements and communicate violations to the relevant teams.
8.Ensure the standard operating procedures (SOP) are maintained for the different compliance processes and ensure proper adherence to the set SLA.
9.Maintain annual compliance with the Information Security Management System - ISO 27001 standard on the certified scope.
10.Liaise with the different IT Teams to develop standard configuration and baselines for IT Infrastructure and Platforms aligned with industry best practices and standards.
11. Conduct periodic reviews against the approved baselines and ensure closure of all identified gaps.
Qualifications & Experience
§Bachelor degree in Engineering, Computer Science, Information Security or equivalent.
§Officer: Minimum 5 - 7 years of experience in IT Security, Risk or Compliance
§Senior Officer: Minimum 7-9 years of experience in IT Security, Risk or Compliance
§Governance, Risk and Compliance background/knowledge
§Recommended Certifications:
oISO 27001:2013 Lead Auditor
oCISSP
§Mandatory Certifications:
oCertified PCI-DSS Professional
oEC Council – CEH
Skills
§Very good command of English and Arabic languages
§Very good Analytical skills
§Very good Time management
§Very good Teamwork Spirit
Very good Negotiation skills
اطلب مساعدة الخبراء لكتابة سيرة ذاتية مميزة.