To support the information security controls team by ensuring the proper enforcement of the developed information governance and protection security policies, in alignment with the set data classification and protection framework and the security strategy and roadmap. In addition, to enforce a proper governance model for information handling across the different business areas, departments, applications, and systems, including monitoring of information disclosure and data access policy violations, as well as handling of the different information access and data exchange security approvals and reviews.
Key Accountabilities:
- Conduct the annual review and update of the area's processes, procedures and policies in adherence to the developed SLAs. This mainly includes the review of the Information Governance Policy, the Security Governance Policy, the Data Classification Policy and the Information Access Management & Handling Procedures
- Design and develop the Data Classification & Protection program to set a data classification framework that helps classify and protect the bank's crown jewels and critical information assets
- Maintain the necessary controls to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personally Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data
- Maintain the sensitive data inventory and data flows across all departments to ensure increased visibility & control of the enterprise data landscape
- Ensure the proper handling of the bank's information according to the developed Information Governance policy through liaising with IT Security Infrastructure for the effective utilization and proper policy setup over the different security tools such as the Data Loss Prevention, Data Classification and the URL Web Filtering tools
- Review and configure the policies of the information classification and protection tools to enforce the proper classification of the bank's documents and files and apply the appropriate rights, document security and security controls accordingly
- Monitor and track violations of the developed information access & handling security policies to ensure the necessary disciplinary actions take place. This includes unjustified access to information, Data Leakage attempts, Policy Violations, Improper Handling of information assets, etc.
- Maintain and develop an Enterprise Mobility Management (EMM) strategy and ensure the appropriate policies are applied on the EMM solution to ensure the adequate protection of information and accessibility over mobile devices
- Provide security controls approvals over information and data-related access requests, such as Removable Media Access, External Email Access, Special Internet Access and EMM Access, to ensure proper business justification is in place and according to the defined process and SLA
- Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner
- Follow the day-to-day operations related to own jobs in the Information Security department to ensure continuity of work
Requirements:
- Bachelor's degree in Engineering, Computer Science, Information Security or equivalent
- Officer: Minimum 4 - 6 years of experience in IT, Information Security and/or Governance, Risk and Compliance
- Senior Officer: 6 - 8 years of experience in IT, Information Security and/or Governance, Risk and Compliance
- Risk management background
- Recommended Certifications:
  - SANS Global Information Assurance Certification (GIAC)
  - CISM
- Mandatory Certifications:
  - ISO 27001:2013 Lead Implementer
Skills:
- Very good command of English and Arabic languages
- Very good communication skills
- Very good time management skills