5 Cybersecurity Analyst jobs in Bahrain

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

Roles & Responsibilities:

• Monitoring the system and ensuring the system is available 24/7.
• Maintain best practices and security standards.
• Design and implement security solutions that protect the organization's On-prem / cloud infrastructure, applications, and data from security threats.
• Conduct regular security assessments of the organization's On-prem / cloud environment to identify potential security vulnerabilities and recommend appropriate remediation measures.
• Configure and maintain various security tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems to ensure optimal protection against security threats.
• Regularly monitor the syslogs and take corrective actions if any security breaches or vulnerabilities are found in the logs.
• Run VAPT tools to mitigate security vulnerabilities.
• Manage access controls for cloud resources, including user authentication and authorization, identity and access management (IAM), and network security groups (NSGs).
• Monitor the On-prem / cloud environment for security incidents and respond promptly to any security breaches or threats.
• Create and maintain security policies and procedures for the organization's On-prem / cloud environment, including disaster recovery plans, incident response plans, and security awareness training for employees.
• Keep up-to-date with the latest security trends and best practices to ensure that the organization's On-prem / cloud environment remains secure against evolving security threats.
• Review and apply the WAF policies to protect against DDoS and application-related attacks.
• Test the WAF rules and ensure they block malicious traffic.

Qualifications & Technical Skills:

1. Minimum of 10 years of experience.

• B.Sc. in Computer Engineering or Equivalent.

• Security Incident Handling & Response

• Security Management Frameworks

• Firewall/IDS/IPS (Palo Alto, Fortinet, Cisco, etc.)

• Vulnerability Management (VAPT)

• SIEM Management

• Data Management Protection

• Advanced Malware Prevention

• Identity & Access Management

• AWS: IAM, KMS, VPC, Security Groups, Network ACLs, VPC endpoints, CloudWatch, VPC Flow Logs

• Logging and Monitoring, SIEM, Syslog

• CloudFront, WAF and Certificate Management

• Technical Certifications like CEH, Security+, CISSP, etc.

Job purpose

• Overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
• Responsible for the organization's data privacy and protection function to ensure compliance with various regulations and best practices.

2. Primary Duties Performed

• Develop and maintain the cybersecurity Risk Management Framework of the organization for addressing the overall approach for handling cybersecurity risks and managing them in a methodological manner.

• Evaluate employees' information security awareness and provide the necessary training whenever is needed.

• Conduct frequent reviews on Vulnerability Assessment and Penetration Testing (VAPT) and manage vulnerabilities.

• Define the necessary controls to ensure all regulatory requirements related to cybersecurity are met, designed effectively with clear documentation.

• Identify the critical assets of the organization and ensure implementation of risk identification and management strategies for these critical assets.
• To assess technology projects to ensure that cybersecurity is adequately addressed.
• Responsible to identifying and managing cybersecurity risk for all third-party technology engagements and all cloud computing engagements.
• Evaluates and recommends cybersecurity technologies and solutions.
• Review cybersecurity & Risk Management manual and recommend necessary updates.
• Act as Data Protection Officer to identify and evaluate the Company's data processing activities.
• Monitor data management procedures and compliance within the Company.
• Assess Company compliance with Data Protection Private Law.
• Provide advice and arrange training to employees on Data Protection.
• Review and recommend updates on Data Protection Manual.
• Serve as the point of contact between the company and the data protection authorities.
• Performs other related duties assigned by the department head.

3. Secondary Duties Performed

• Assist in implementing risk management framework, policies and programs covering business, financial, operational, technological, and regulatory risks.
• Assist in the development and management of controls and business contingency plans.
• Maintain and update organizational risk register.
• Oversee the regular validation and testing of the Company Business Continuity Plan.
• Review Risk Management manual and recommend necessary updates.

4. Work & Business Contacts

Internal

• Management team and staff.

External

• Regulatory Bodies: Central Bank of Bahrain and Personal Data Protection Authority.
• Law Firms and Legal Advisors.
• Internal and External Auditors.
• VAPT vendors.

Division / Department: Risk Management

Incumbent Reports to: Manager – Risk & Project Management

Company : Gulf Air Group

Division : Information Technology

Location : (Location)

Department : Information Technology

Closing Date : 18-Feb-2025

To architect, design, plan, implement and support all Safety and Security systems, as a technical expert in these areas, to provide the company with the necessary Safety and Security services to achieve its strategic objectives.

1. Monitor, maintain and support services, within specialism area, to ensure the security, integrity and access to these critical information assets by ICT's internal and external customers.
   Monitor, manage and maintain solutions to ensure maximum uptime.
   Perform daily systems monitoring, including verifying the integrity and availability of all solution resources, capacity management, reviewing system and application logs, and verifying completion of scheduled jobs.
   Manage solution enhancements to improve business performance.
   Perform systems maintenance and management, including solution administration, upgrades, audits and user account management.
   Develop and improve efficient and reliable deployment and maintenance strategies.
   Draft and maintain solution architecture, configuration and operating procedure documentation on a continuous basis.
   Advise on solution security, backups, and disaster recovery needs.
   Ensure that all requests for support are dealt with according to set standards and procedures.
2. Perform and conduct Enterprise ICT activities as per service level agreements to ensure ICT's internal and external customers are provided with the required uninterrupted services to achieve their objectives.
   Develop implementation plans for complex requests for change. Lead the assessment, analysis, development, documentation and implementation of changes based on requests for change.
   Ensure that incidents are handled according to agreed procedures. Analyze causes of incidents, and inform service owners in order to minimize probability of recurrence to contribute to service improvement.
   Ensure that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Coordinate the implementation of agreed remedies and preventative measures.
   Monitor and report on supplier performance, customer satisfaction, and market intelligence. Engage proactively and collaboratively with suppliers to resolve incidents, problems, or unsatisfactory performance.
   Analyze service availability, reliability, maintainability and serviceability. Ensure that services meet and continue to meet all of their agreed performance targets and service levels.
   Document and maintain IT assets, inclusive of software, hardware and licenses, within specialism area, and act to highlight and resolve potential instances of unauthorized assets such as unlicensed copies of software.
   Be available for off-hours planned service windows, as well as other off-hours maintenance work as and when required.
   Provide 24x7 on call day-to-day support on specialism area solutions and services.
3. Perform and conduct DevOps activities to deliver, evolve and improve services at a high velocity to better meet the demand of ICT's internal and external customers.
   Implement, configure and maintain tools, including automation, to identify, track, log and maintain accurate, complete and current information on service configurations, within specialism area.
   Design, implement and maintain system, within specialism area, integrations with internal and external systems to ensure that they meet functional requirements, interface specifications and ICT's security and governance standards and policies.
   Collaborate with technical teams to develop and agree system integration plans. Assist in database support activities.
   Use system management tools to collect and report on load and performance statistics and to automate the provisioning, testing and deployment of new and changed system components.
   Design, code, verify, test, document, amend and refactor complex programs, scripts or integrations, within specialism area.
   Create test cases using in-depth technical analysis of both functional and non-functional specifications such as reliability, efficiency, usability, maintainability and portability. Produce test scripts and materials to test new and amended software or services.
4. Design, implement and maintain digital transformation initiatives and associated architectures, as assigned by Manager, to meet the demand of ICT's internal and external customers to ensure they achieve their objectives and improve business value.
   Technical solution architecture design, planning, implementation and the highest level of performance tuning.
   Design components and modules using appropriate modelling techniques and recommend designs that take into account target environment, existing systems and performance and security requirements.
   Adopt appropriate systems design methods, tools and techniques, as promulgated by section Director, in the translation of planned architecture into working solutions.
   Produce specifications of cloud-based or on premises components, tiers and interfaces for translation into detailed designs of services and products.
   Monitor system performance and implement performance tuning.
   Determine opportunities for improvement of the current solutions and assess future enhancements.
   Investigate new and emerging technologies and where possible automate manual tasks.
5. Plan and co-ordinate activities to manage and implement the full project management lifecycle for complex projects from initiation to final operational stage, including the transition into “business-as-usual”, to ensure delivery within scope, schedule and budget.
   Plan and drive scoping, requirements definition and prioritization activities for large and complex initiatives.
   Investigate operational requirements, problems, and opportunities, seeking effective business solutions.
   Review business cases and determine appropriate procurement routes.
   Evaluate the quality of project outputs against agreed service acceptance criteria.
   Oversee and measure the fulfillment of contractual obligations using key performance indicators.
   Support programme or project control boards and provide basic guidance on individual project proposals.

A Diploma degree as minimum to accept while a BSc. Degree in Computer Science or equivalent is preferred.

A minimum of 0-2 years’ experience in related field.

If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application, you would need the following document(s):