1. Ensure proposing the security policies and conduct their annual review in alignment with the Enterprise Risk Management framework set by the 2nd line to be reviewed by the relevant stakeholders according to the policy review process. Follow the developed Identity and Access Management (IAM) Governance program and carry on the related activities including developing the different applications’ security matrices, mapping the different IT roles to their relevant business activities, identifying sensitive access, segregation of duties based on Information Security policies, … etc.

2.Liaise with the different business departments to develop an inventory of business activities, mapped to the relevant applications’ roles, through which sensitive and critical business activities are identified and setup on the IAM platform with appropriate risk ratings.

3.Adhere to the segregation of duties based on Information Security policies across the different business activities and ensure the same is maintained on the IAM platform to control SOD access violations and alert on the same.

4.Liaise with IT Security IAM team to review the applications’ security matrices and reflect any changes on the matrix and ensure access is granted according to the conducted business activity with no segregation of duties violations based on Information Security policies Liaise with IT Security IAM team to ensure effective utilization and proper setup of the Identity & Access Management, and the Security Access Management platforms for proper management of the bank’s identities according to the developed Human Resources and Physical & Environmental Security Policies.

5.Monitor and track the violations to the developed identity related security policies to ensure the necessary disciplinary actions take place. This includes unjustified Local Admin Privileges segregation of duties violations based on Information Security policies, unacceptable use of the bank’s resources, etc.

6.Maintain the standard operating procedures (SOP), for the different access management approvals and ensure proper adherence to the set SLA

7.Provide security controls approvals over identity related access requests, similar to remote working Access, Sensitive Applications’ Access, to ensure proper business justification is in place and according to the defined process and SLA.

8.Develop the necessary security access matrix mapped to the staff’s job titles and business activities for new projects and business initiatives.

9.Provide support to define physical access controls for CIB’s headquarters, buildings and branches and ensure proper implementation and enforcement of the same by the relevant teams.

10.Update the different security access matrix based on any HR restructure to ensure staff access is mapped to their new job titles and business activities.

11.Identify and report awareness gaps related to the identity access management policies and guidelines to support the creation of relevant awareness campaigns

Qualifications & Experience

Bachelor’s degree of Engineering, Computer Science, Information Security or equivalent

Officer: Minimum 4 - 6 years of experience in IT, Information Security and/or Governance, Risk and Compliance

Senior Officer: 6 - 8 years of experience in IT, Information Security and/or Governance, Risk and Compliance

Risk management background

Recommended Certifications:

oSANS Global Information Assurance Certification (GIAC)

oCISM

oISO 27001:2013 Lead implementer

Skills

Very Good command of English and Arabic languages

Very Good Communication skills

Very Good Time Management skills