AVP - CyberSecurity Architect
- Manama, Capital Governorate, Bahrain
- Permanent, Full time
- 22 Feb 18 2018-02-22
The primary role of this position is to support the Head of Group Information Security in developing, maturing and maintaining the Bank’s Cybersecurity architecture; leading or assisting in the creation, implementation and management of CyberSecurity solutions; implementing, monitoring, and maintaining CyberSecurity operational processes; and producing reports for the assessment and functioning of security operations.
In addition, the position provides full support to the Head of Group Information Security in managing the day-to-day security-related activities and supporting all operational security positions. The Job holder will deputise as required for the Heads of department. The position is responsible for management and distribution of the security policies, policy adherence, and information security coordination.
Principal Responsibilities, Accountabilities and Deliverables of Role
- Complies with the Group’s documented standards, policies and procedures, and with the Information Security standards.
- Deputises as required for the Head of Group Information Security.
- Provides the Head of Group Information Security with an independent assessment of the adequacy, effectiveness and sustainability of security operations.
- Ensures team’s compliance with security controls and procedures.
- Ensures the secure configuration and operation of security hardware and software.
- Ensures that necessary changes to security policy documentation are incorporated as directed by the Head of Department.
- Works in partnership with other Information Security and IT staff to ensure key security controls are working as intended, recommending improvements where appropriate.
- Assists the Head of Information security in evaluating and implementing cost-effective security controls.
- Collaborates with security organization team members to assess and analyse security .operations and suggests improvement
- Maintains up to date knowledge of new technologies and their inherent risks especially those which are/planned to be deployed in ABC.
- Supports the development and maintenance of a comprehensive cybersecurity programme.
- Maintains and monitors network and host intrusion detection and prevention technologies.
- Supports forensic analysis and security incident management, analyses and identifies root causes, and develops after action plan reports for high-impact/high-profile incidents.
- Maintains the Bank’s CyberSecurity framework and the mapping to other security frameworks/ internal policies, and tracks all related action plans.
- Ensures that adequate technical support is provided to other units and by the vendors to make the most of security products/tools.
- Identifies risks to information resources through risk analysis.
- Identifies critical and sensitive information resources.
- Works with the business and IT to specify CyberSecurity controls and convey security control requirements to users and information custodians.
- Compiles reports as required by management or as specified by security policy.
- Reviews security metrics.
- Evaluates the extent of compliance with established policies, procedures, control guidelines and generally accepted industry standards and practices.
Risk, Compliance & Business Continuity:
At all times, act with due care, skill and diligence to ensure compliance with Bank ABC’s risk culture, policies and procedures, Code of Conduct and Values.
Escalate risk and compliance issues in a timely manner to your line manager, and ensure that all mandatory training is completed to schedule.
Participate in exercises to rehearse the banks response to an emergency situation (i.e. evacuation exercises and Business Continuity tests)
Job Context (Circumstances & environment surrounding the job):
The job holder has direct responsibility for the CyberSecurity architecture, including conducting product testing and assessing the impact of security vulnerabilities in the Banks’ IT environment. Under general supervision the job holder will help the Group Information Security Officer to develop a comprehensive oversight capability that will enable clear understanding and escalation of the Bank’s Cyber risk and security posture.
The role supports the broad spectrum of CyberSecurity responsibilities from technical aspects, process requirements, framework compliance oversight, and tracking of action plan performance. The role also assists the team and other personnel to perform forensic analysis and incident handling. Manages the scope, schedule and other resources that may be required to deploy the Information Security program through the Group. Travel may be required. Performs other related work as required by the Head of Department.
- Strong knowledge of the NIST CyberSecurity framework and the financial services’ Info & CyberSecurity requirements in the USA, UK and Singapore.
- Display strong knowledge of Networks, firewalls and perimeter security.
- Have held a team-lead position; preferably within the Information Security space.
- Strong knowledge of forensic investigations, incident management and ethical hacking.
- Strong portfolio and project management skills.
- Display good knowledge of the 10 recognized information security domains: Access Controls, Application Security, Cryptography, Risk Management, Compliance and Investigations, Operations Security, Physical Security, Security Architecture and Telecommunications.
- Display knowledge of IT processes: application development, change and release management, incident and problem management, software asset management, IT risk management, security management, data management.
Education / Certifications
- University Degree in Information Technology/Information Systems/Computer sciences from an accredited 3-4 year program.
- Holds an Information/cybersecurity related certification: CISSP – The Certified Information Systems Security Professional; CISM – Certified Information Security Manager; GIAC – Global Information Assurance Certification; or CEH – Certified Ethical Hacker.
- The Cybersecurity architect may hold vendor-oriented certifications such as those offered by Cisco, Microsoft, Enterasys, Symantec, Oracle, McAfee, etc.
- At least 15 years of experience, with a minimum of 7 years in the Information/Cyber Security field. The remainder with one or more of the following: networks and telecommunications, IT Audit, or IT Risk.
- Highly numerate. Excellent written and verbal communication skills in English. Analytics both from technical and business point of view.
Deputies as required for the Head of Group Information Security in the relevant Governance committees e.g., IT steering committee, IT Risk Committee, Operation Risk Committee.
Regulatory Status of Role: Country Specific
(i.e. SMR mainly for UK, Approved Persons, Material Risk Takers etc.)
Information Security assignments are made on the basis of a number of factors including staff availability, skills base etc. Information Security members may have to handle several assignments at the same time, each one at different stages of completion.
ecause of the nature of the function this role is a position of trust, therefore a high sense of ethics is a key personal attribute.