Job Description

Global bank

Free placement

Information Security Officer

Bookmark and Share

Job id: 247524

18 Oct 2018

Job Location

Kuwait

Experience

2 to 7 years

Qualification Level

Graduate; Engineering Graduates/PG

Job Function

Banking / Financial Services
IT - Software

Skillset

Security, SIEM , security information event management

Jobseeker Nationality

Only Nationals of the Country for which the Job is posted

Job Description

Job Title Information Security Officer
Responsibility Head – Information security Office
Department Information Security Office

Main Role (Overall Accountability)

The Information Security Officer (ISO) is responsible for the overall information security management program of the Bank to ensure that the security of the intellectual and information assets of the bank are always protected.

• Acts as a central point of ownership and management for enterprise-wide Information Security in the Bank.
• Recommend approach and methods for implementing strategic Information Security objectives, initiatives, and directives.
• Monitor strategic initiatives within the Bank to assess the impact on Information Security.
• Ensure that adequate information security management aspects are taken into account for strategic projects within the Bank and the projects comply with the corporate Information Security Architecture.
• Monitor and ensure that security weaknesses identified are addressed satisfactorily by the Business Units.

Principal Duties and Responsibilities

• Develop and maintain Information Security Strategy.
• Develop Information Security Management framework.
• Develop and maintain Information Security policies, standards, procedures and guidelines
• Develop and maintain an effective Information Security monitoring and reporting mechanism.
• Implement an Information Security Awareness program across the organization


Specific Responsibilities
1. Information Security Management
• Obtain approval for the Information Security Program from the Security Steering Committee/Executive management.
• Act as the principal contact for coordination, implementation, and enforcement of Information Security policies in consultation with the Security Steering Committee (SSC)
• Review and recommend revisions for the Integrated Security Architecture (ISA) of the Bank as per changing business needs, system security inadequacies and IT system environment changes.
• Responsible and accountable for information security of all centrally maintained and distributed systems and computer equipment.
2. Risk Assessment

• Develop a systematic approach for information risk assessment in the Bank.
• Conduct and document an information security risk assessment annually in accordance with ISO27001 standards that identifies significant and critical information assets across bank.
• Ensure that information security risk assessment is performed by each information owner of significant and/or critical information assets in the bank on an annual basis.
• Document and maintain an up to date Information Security Program that details the specific risk mitigation strategies to be used by each information owner of significant and/or critical information assets to manage risks.

3. Information Security - Monitoring & Reporting

• Establish reporting guidance, metrics, and timelines to monitor effectiveness of security strategies in both the centralized and decentralized operations.
• Establish reporting guidance, metrics, and timelines to monitor effectiveness of security strategies in each business function of the bank.
• Report periodically to the management the status and effectiveness of the control implementation based on the status of risk assessment, strategies being adopted to manage the risks, penetration testing and vulnerability assessment programs and compliance of the vulnerabilities reported.
 Establish, implement and maintain procedures for security event monitoring.
 Establish, implement and maintain process and procedures for systems & applications which are not in the scope of 24/7 SIEM.
 Perform periodic review of SOC monitoring and reporting process for improvements & performance measurements.
 Supervises the activity of the SOC team.
 Provide training and mentoring to security team members.
 Manages the escalation process and reviews incident reports.
 Runs compliance reports and supports the audit process.
 Measures SOC performance metrics and communicates the value of security operations to business leaders.
 Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
 Establish centralized cyber security incident management process and periodically report to the management.
 Co-ordinate with IT & business teams for closure of the security incidents.
 Formulating and maintaining of IS dashboard by conducting security awareness for relevant stake holders of the controls.
 Develop & maintaining rulebook for cyber security incident management.
 Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring.
 Focal point of all cyber security incident response execution.
 Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar threats and vulnerabilities.
 Responsible to escalate cyber forensic requirement to a third party experts/company.

• Initiate internal and external security reviews and ensure that action is taken to rectify any shortfalls that are identified.

• Establish Incident management procedures for reporting and handling security incidents and ensure compliance with the established guidelines and procedures.

4. Information Security Awareness

• Develop a strategy for implementation of the Information Security Awareness across the organization.

• Prepare and implement an Annual plan for security awareness.

• Ensure that specialized training is provided to information owners and Information Security Administrators on an annual basis.
Personnel Specifications

• Must be an articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical audience.
• Must have masters or bachelor's degree in a computer-related field such as computer science, management information system or information science.
• Should have one or more of the certifications like CISM, CISSP, CISA, CRISC etc.
• Must have a minimum 8-10 years of experience in the IT or information security management
• Must have sound understanding of information technology and information security products/solutions and knowledge of banking applications.
• Should have experience with business continuity planning, security auditing, and risk management, as well as contract and vendor negotiation.
• Should have strong team building, interpersonal, communication and presentation skills.
• Must have strong working knowledge of pertinent law and the law enforcement community.
• Must have good knowledge of standards such as ISO 27001, ISO 27005, PCI-DSS, CoBIT etc.



Disclaimer: GotoGulf is a platform that facilitates recruiters and jobseekers reach out to each other. Applicants are advised to research the bonafides of recruiters independently. We do not endorse requests for money payments and strictly advise against sharing personal or financial information. If you suspect malpractice, please email to us.