1. Ensure proposing the security policies and conduct their annual review in alignment with the Enterprise Risk Management framework set by the 2nd line to be reviewed by the relevant stakeholders according to the policy review process. Follow the developed Data Classification & Protection program and carry on the related activities to classify and protect the bank’s crown jewels and critical information assets.

2.Maintain the necessary controls to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personal Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data.

3.Maintain the sensitive data inventory and data flows across all departments to ensure increased visibility & control of enterprise data landscape.

4.Liaise with IT security infrastructure team to ensure effective utilization and proper policy setup over the different security tools such as the Data Loss Prevention, Data Classification and the URL Web Filtering tools for proper handling of the bank’s information according to the developed Information Governance policy.

5.Review and configure the information classification and protection tools’ policies to enforce the proper classification of the bank’s documents and files and applying the appropriate rights, documents’ security and security controls accordingly.

6.Monitor and track the violations to the developed information access & handling security policies to ensure the necessary disciplinary actions take place. This includes unjustified access to information, data leakage attempts, improper handling of information assets, etc.

7.Maintain, review and update the standard operating procedures (SOP), for the different access management approvals and ensure proper adherence to the set SLA.

8.Maintain and develop an Enterprise Mobility Management (EMM) strategy and ensure the appropriate policies are applied on the EMM solution to ensure the adequate protection of information and accessibility over mobile devices.

9.Provide security controls approvals over information & Data related access requests, similar to Removable Media Access, External Email Access, Special Internet Access and EMM Access, to ensure proper business justification is in place and according to the defined process and SLA.

10.Identify and report awareness gaps related to the data classification and protection policies and guidelines to support the creation of relevant awareness campaigns

Qualifications & Experience

Bachelor’s degree of Engineering, Computer Science, Information Security or equivalent

Officer: Minimum 4 - 6 years of experience in IT, Information Security and/or Governance, Risk and Compliance

Senior Officer: 6 - 8 years of experience in IT, Information Security and/or Governance, Risk and Compliance

Risk management background

Recommended Certifications

oSANS Global Information Assurance Certification (GIAC)

oCISM

oISO 27001:2013 Lead implementer

Skills

Very Good command of English and Arabic languages

Very Good Communication skills

Very Good Time Management skills