90 Information Security jobs in Bahrain

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

Roles & Responsibilities:

• Monitoring the system and ensuring the system is available 24/7.
• Maintain best practices and security standards.
• Design and implement security solutions that protect the organization's On-prem / cloud infrastructure, applications, and data from security threats.
• Conduct regular security assessments of the organization's On-prem / cloud environment to identify potential security vulnerabilities and recommend appropriate remediation measures.
• Configure and maintain various security tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems to ensure optimal protection against security threats.
• Regularly monitor the syslogs and take corrective actions if any security breaches or vulnerabilities are found in the logs.
• Run VAPT tools to mitigate security vulnerabilities.
• Manage access controls for cloud resources, including user authentication and authorization, identity and access management (IAM), and network security groups (NSGs).
• Monitor the On-prem / cloud environment for security incidents and respond promptly to any security breaches or threats.
• Create and maintain security policies and procedures for the organization's On-prem / cloud environment, including disaster recovery plans, incident response plans, and security awareness training for employees.
• Keep up-to-date with the latest security trends and best practices to ensure that the organization's On-prem / cloud environment remains secure against evolving security threats.
• Review and apply the WAF policies to protect against DDoS and application-related attacks.
• Test the WAF rules and ensure they block malicious traffic.

Qualifications & Technical Skills:

1. Minimum of 10 years of experience.

• B.Sc. in Computer Engineering or Equivalent.

• Security Incident Handling & Response

• Security Management Frameworks

• Firewall/IDS/IPS (Palo Alto, Fortinet, Cisco, etc.)

• Vulnerability Management (VAPT)

• SIEM Management

• Data Management Protection

• Advanced Malware Prevention

• Identity & Access Management

• AWS: IAM, KMS, VPC, Security Groups, Network ACLs, VPC endpoints, CloudWatch, VPC Flow Logs

• Logging and Monitoring, SIEM, Syslog

• CloudFront, WAF and Certificate Management

• Technical Certifications like CEH, Security+, CISSP, etc.

Company Description

Job Description

VAM Systems is currently looking for Information Security Architect for our Bahrain operations with the following skillsets & terms and conditions:

Years of Experience : 7- 10 Years

Education Qualification : BE Computer Science and Engineering

Certifications required : CISSP, CCSP, CEH, CCNP, AWS, Azure, Java, Python, VB

Professional Training Required : Azure Solutions Architect, AWS Solution Architect, Secure Software Development and Programming.

Skills

• Proficiency and working knowledge in technology stacks used in application development, Web applications, in particular secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• In-depth knowledge in the software's design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, Security principles of routing, authentication, VPN, proxy services, and DDOS mitigation technology.
• Expertise in the architecture of information security systems. Project Manager
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.
  
  

• Perform security analysis, develop robust security architecture, and ingrain security solutions into the Bank's Group environment ensuring the confidentiality, integrity, and availability of the bank’s information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend security controls to address security risks.
• Research and recommend/implement the security standards, systems, and best practices.
• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Evaluate and implement information security technologies and countermeasures against threats to information.
• Review technical service requests and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure end-to-end security.
• Develop security baseline for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices, and ensure efficacy.
• Provide security architectural guidance to IT Project Managers.
• Understand the risk and weakness in applications.
• Secure application design and architecture, and conduct application security testing.
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at VAM Systems by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

• Monitor security systems (SIEM, IDS/IPS, firewalls) for security incidents and anomalies.
• Conduct thorough analysis of security alerts and logs to identify potential threats and breaches.
• Participate in incident response activities, including investigation, containment, eradication, and recovery.
• Perform vulnerability assessments and penetration testing to identify security weaknesses in systems and applications.
• Recommend and implement security controls and countermeasures to mitigate identified risks.
• Assist in the development and enforcement of information security policies, procedures, and guidelines.
• Conduct security awareness training for employees to promote a security-conscious culture.
• Stay current with the latest cybersecurity threats, trends, and technologies.
• Manage security patches and updates for systems and applications.
• Collaborate with IT operations and development teams to ensure security is integrated into system design and deployment.
• Prepare security reports, dashboards, and metrics for management.
• Participate in security audits and assessments, ensuring compliance with regulatory requirements (e.g., GDPR, ISO 27001).

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3-5 years of experience in information security, network security, or a SOC environment.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001) and security best practices.
• Proficiency with security tools such as SIEM, IDS/IPS, vulnerability scanners, and endpoint detection and response (EDR) solutions.
• Experience with incident response methodologies and threat intelligence.
• Knowledge of networking protocols, operating systems (Windows, Linux), and cloud security concepts.
• Relevant certifications such as CompTIA Security+, CEH, CySA+, or CCNA Security are highly desirable.
• Excellent analytical and problem-solving skills with a keen eye for detail.
• Strong written and verbal communication skills in English; Arabic is a plus.
• Ability to work independently and collaboratively in a fast-paced environment.

• Monitor security systems for anomalies and potential threats.
• Conduct vulnerability assessments, penetration tests, and security audits.
• Analyze security logs and alerts to identify and respond to incidents.
• Assist in developing, implementing, and enforcing information security policies.
• Research and recommend security solutions and best practices.
• Provide security awareness training to employees.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3-5 years of experience in information security or cybersecurity.
• Strong knowledge of network security, operating systems, and security frameworks (e.g., NIST, ISO 27001).
• Experience with security tools (SIEM, vulnerability scanners, IDS/IPS).
• Relevant certifications (e.g., CompTIA Security+, CEH, CISSP) are a significant plus.
• Excellent analytical and problem-solving skills.

• Lead the design, implementation, and maintenance of complex information security systems and architectures, ensuring alignment with business objectives and risk management frameworks.
• Develop and implement comprehensive strategies aligned with organizational goals, ensuring operational efficiency and strategic objectives are met.
• Lead and mentor cross-functional teams, fostering a collaborative and high-performance work culture, and providing guidance and support.
• Conduct in-depth analysis of market trends, competitor activities, and internal performance metrics to identify opportunities for growth and improvement.
• Manage project lifecycles from conception to completion, ensuring projects are delivered on time, within budget, and to the highest quality standards.
• Collaborate with stakeholders across various departments to ensure seamless integration of initiatives and effective communication channels.
• Prepare detailed reports and presentations for senior management, outlining key findings, recommendations, and strategic action plans.
• Drive continuous improvement initiatives, identifying process inefficiencies and implementing solutions to enhance productivity and outcomes.
• Oversee vulnerability management, penetration testing, and security audits, providing expert guidance on remediation strategies and security posture improvements.
• Research, evaluate, and recommend new security technologies, tools, and practices to enhance the organization's defensive capabilities against advanced persistent threats.
• Act as a subject matter expert for incident response, leading investigations, analysis, and recovery efforts during security breaches or incidents.

• Bachelor's degree in Cybersecurity, Information Technology, or Computer Science.
• A minimum of 5+ years of progressive professional experience in information security engineering, with at least 2 years in a lead or senior capacity, demonstrating a solid track record of achievement.
• Proven expertise with SIEM, IDS/IPS, firewalls, vulnerability management, and incident response platforms; experience with cloud security platforms (AWS, Azure, GCP), zero trust architectures, and container security is a strong plus.
• Exceptional analytical capabilities, with the ability to interpret complex security data, identify critical insights, and make data-driven decisions under pressure.
• Superior communication skills, both verbal and written, enabling effective interaction with diverse internal and external stakeholders, including senior management and external auditors.
• Demonstrated ability to lead, mentor, and inspire a team of security engineers, fostering a culture of technical excellence and continuous improvement.
• Strong problem-solving skills, with a proactive approach to identifying complex security challenges and implementing innovative, robust, and scalable solutions.
• Ability to manage multiple security priorities simultaneously, maintaining keen attention to detail and delivering high-quality results.
• Relevant professional certifications such as CISSP, CISM, CEH, GSEC, OSCP, or equivalent are highly desirable and will be a significant advantage.

• A highly competitive remuneration package, reflective of experience and expertise, along with comprehensive benefits including health, dental, and vision coverage, and a generous provident fund.
• Significant opportunities for professional development, including access to specialized training programs, industry workshops, and sponsored certifications to foster continuous learning and career advancement in a rapidly evolving field.
• A dynamic, inclusive, and collaborative work environment where your contributions are highly valued, your technical expertise is recognized, and your innovative ideas are actively encouraged.
• Engagement in challenging and impactful cybersecurity projects that directly safeguard critical infrastructure and sensitive data, pushing the boundaries of security innovation.
• A supportive team culture that prioritizes work-life balance and employee well-being, fostering a positive, engaging, and productive atmosphere.
• Modern office facilities equipped with the latest security engineering tools and technologies to support your critical work.

• Monitor security information and event management (SIEM) systems for security incidents and anomalies.
• Conduct in-depth analysis of security alerts, logs, and network traffic to identify potential threats and vulnerabilities.
• Perform incident response activities, including investigation, containment, eradication, recovery, and post-incident analysis.
• Develop and implement security policies, procedures, and guidelines to protect information assets.
• Conduct vulnerability assessments and penetration testing to identify weaknesses in systems and applications.
• Collaborate with IT operations and development teams to implement security patches and configurations.
• Stay informed about the latest cybersecurity threats, trends, and technologies.
• Participate in security audits and compliance reviews (e.g., ISO 27001, GDPR).
• Provide security awareness training to employees.
• Manage and configure security tools and technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection.
• Prepare detailed security reports and present findings to management.
• Assist in the development and maintenance of disaster recovery and business continuity plans.
• Respond to security questionnaires and support client security audits.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years of experience in information security, cybersecurity operations, or a similar role.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001).
• Proficiency with SIEM tools (e.g., Splunk, IBM QRadar) and security analytics.
• Experience with vulnerability scanning tools (e.g., Nessus, Qualys) and penetration testing methodologies.
• Knowledge of network protocols, operating systems (Windows, Linux), and cloud security concepts.
• Familiarity with scripting languages (e.g., Python, PowerShell) is a plus.
• Excellent analytical and problem-solving skills, with a keen eye for detail.
• Strong communication skills, both written and verbal, in English.
• Relevant certifications such as CompTIA Security+, CEH, CySA+, or CISSP are highly desirable.

• Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
• Familiarity with security automation and orchestration.

• Design, implement, and maintain robust information security architectures and systems, including firewalls, intrusion prevention systems, data loss prevention (DLP), and identity and access management (IAM) solutions.
• Lead the evaluation, selection, and deployment of new security technologies to enhance the organization's security posture.
• Conduct comprehensive security assessments, vulnerability scans, and penetration tests to identify and remediate security weaknesses.
• Develop and enforce security policies, standards, and procedures in alignment with industry best practices (e.g., NIST, ISO 27001) and regulatory requirements.
• Respond to complex security incidents, leading investigations, performing root cause analysis, and coordinating remediation efforts.
• Provide expert technical guidance and mentorship to junior security analysts and IT teams.
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC) using DevSecOps principles.
• Monitor security logs and alerts from various security tools (SIEM, EDR), identifying and responding to advanced threats.
• Stay current with emerging threats, vulnerabilities, and security technologies, recommending proactive measures.
• Participate in security awareness programs and training for employees.

• Bachelor's degree in Computer Science, Information Security, or a related technical field; Master's degree preferred.
• Minimum of 7-10 years of progressive experience in information security engineering, with a focus on enterprise-level security solutions.
• Expertise in network security, endpoint security, cloud security (AWS, Azure), and data security principles.
• Hands-on experience with security tools such as SIEM, firewalls (Palo Alto, Fortinet, Cisco), IDS/IPS, WAF, and vulnerability management platforms.
• Strong understanding of cryptographic principles, authentication protocols, and security frameworks.
• Relevant industry certifications (e.g., CISSP, CISM, CCSP, OSCP) are highly desirable.
• Exceptional analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical stakeholders.
• Ability to lead security projects and work independently on complex tasks.
• Experience with scripting languages (e.g., Python, PowerShell) for automation is a plus.

• Conduct comprehensive security assessments, including penetration testing, vulnerability assessments, security architecture reviews, and risk analyses, for client information systems and applications.
• Develop, review, and implement robust information security policies, procedures, and standards aligned with industry best practices (e.g., ISO 27001, NIST, CIS Controls) and regulatory requirements (e.g., GDPR, PCI DSS).
• Provide expert guidance and strategic recommendations on security architecture design, security controls implementation, and secure system configurations for various technologies (e.g., cloud, network, endpoint, application).
• Lead and support security incident response efforts, including forensic investigations, containment, eradication, and recovery, providing clear communication throughout the process.
• Design and deploy security solutions, including SIEM (Security Information and Event Management), identity and access management (IAM), data loss prevention (DLP), and network segmentation technologies.
• Deliver tailored security awareness training and workshops to client staff, enhancing their understanding of security risks and best practices.
• Prepare detailed, high-quality reports, executive summaries, and presentations for client leadership, clearly articulating findings, risks, and recommended actions.
• Collaborate with client teams to understand their unique business processes and challenges, integrating security solutions seamlessly into their operations.
• Stay abreast of the latest cybersecurity threats, vulnerabilities, attack methodologies, and emerging security technologies.
• Contribute to proposal development and pre-sales activities, assisting in scoping client engagements and defining service offerings.

• Bachelor's or Master's degree in Computer Science, Information Security, Cyber Security, or a closely related technical field.
• A minimum of 7 years of progressive experience in information security, with at least 3 years specifically in a security consulting capacity for external clients.
• Deep expertise in security frameworks (e.g., NIST CSF, ISO 27001), risk management methodologies, and security architecture principles.
• Hands-on proficiency with a wide range of security tools and technologies across different domains (e.g., network security, endpoint security, cloud security, application security).
• Advanced certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), or OSCP are highly desirable.
• Exceptional analytical, problem-solving, and critical thinking skills, with the ability to quickly assess complex security challenges.
• Outstanding written and verbal communication skills, including the ability to present complex technical information clearly and persuasively to both technical and executive audiences.
• Proven track record of successfully delivering complex security projects and building strong client relationships.
• Ability to work independently, manage multiple client engagements, and adapt to rapidly changing priorities.