3 201 Information Security jobs in Bahrain

Job purpose

• Overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
• Responsible for the organization's data privacy and protection function to ensure compliance with various regulations and best practices.

2. Primary Duties Performed

• Develop and maintain the cybersecurity Risk Management Framework of the organization for addressing the overall approach for handling cybersecurity risks and managing them in a methodological manner.

• Evaluate employees' information security awareness and provide the necessary training whenever is needed.

• Conduct frequent reviews on Vulnerability Assessment and Penetration Testing (VAPT) and manage vulnerabilities.

• Define the necessary controls to ensure all regulatory requirements related to cybersecurity are met, designed effectively with clear documentation.

• Identify the critical assets of the organization and ensure implementation of risk identification and management strategies for these critical assets.
• To assess technology projects to ensure that cybersecurity is adequately addressed.
• Responsible to identifying and managing cybersecurity risk for all third-party technology engagements and all cloud computing engagements.
• Evaluates and recommends cybersecurity technologies and solutions.
• Review cybersecurity & Risk Management manual and recommend necessary updates.
• Act as Data Protection Officer to identify and evaluate the Company's data processing activities.
• Monitor data management procedures and compliance within the Company.
• Assess Company compliance with Data Protection Private Law.
• Provide advice and arrange training to employees on Data Protection.
• Review and recommend updates on Data Protection Manual.
• Serve as the point of contact between the company and the data protection authorities.
• Performs other related duties assigned by the department head.

3. Secondary Duties Performed

• Assist in implementing risk management framework, policies and programs covering business, financial, operational, technological, and regulatory risks.
• Assist in the development and management of controls and business contingency plans.
• Maintain and update organizational risk register.
• Oversee the regular validation and testing of the Company Business Continuity Plan.
• Review Risk Management manual and recommend necessary updates.

4. Work & Business Contacts

Internal

• Management team and staff.

External

• Regulatory Bodies: Central Bank of Bahrain and Personal Data Protection Authority.
• Law Firms and Legal Advisors.
• Internal and External Auditors.
• VAPT vendors.

Division / Department: Risk Management

Incumbent Reports to: Manager – Risk & Project Management

Roles & Responsibilities:

• Monitoring the system and ensuring the system is available 24/7.
• Maintain best practices and security standards.
• Design and implement security solutions that protect the organization's On-prem / cloud infrastructure, applications, and data from security threats.
• Conduct regular security assessments of the organization's On-prem / cloud environment to identify potential security vulnerabilities and recommend appropriate remediation measures.
• Configure and maintain various security tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems to ensure optimal protection against security threats.
• Regularly monitor the syslogs and take corrective actions if any security breaches or vulnerabilities are found in the logs.
• Run VAPT tools to mitigate security vulnerabilities.
• Manage access controls for cloud resources, including user authentication and authorization, identity and access management (IAM), and network security groups (NSGs).
• Monitor the On-prem / cloud environment for security incidents and respond promptly to any security breaches or threats.
• Create and maintain security policies and procedures for the organization's On-prem / cloud environment, including disaster recovery plans, incident response plans, and security awareness training for employees.
• Keep up-to-date with the latest security trends and best practices to ensure that the organization's On-prem / cloud environment remains secure against evolving security threats.
• Review and apply the WAF policies to protect against DDoS and application-related attacks.
• Test the WAF rules and ensure they block malicious traffic.

Qualifications & Technical Skills:

1. Minimum of 10 years of experience.

• B.Sc. in Computer Engineering or Equivalent.

• Security Incident Handling & Response

• Security Management Frameworks

• Firewall/IDS/IPS (Palo Alto, Fortinet, Cisco, etc.)

• Vulnerability Management (VAPT)

• SIEM Management

• Data Management Protection

• Advanced Malware Prevention

• Identity & Access Management

• AWS: IAM, KMS, VPC, Security Groups, Network ACLs, VPC endpoints, CloudWatch, VPC Flow Logs

• Logging and Monitoring, SIEM, Syslog

• CloudFront, WAF and Certificate Management

• Technical Certifications like CEH, Security+, CISSP, etc.

Conduct thorough security audits to identify vulnerabilities and implement actionable improvements.

Develop and enforce robust Privilege Access Management (PAM) strategies to protect sensitive resources.

Create and maintain Security Hardening Guidelines in compliance with CIS or SITG Benchmarks, ensuring secure configurations across all systems.

Design and deploy automated processes for cybersecurity tasks using Python scripting.

Manage the organization’s Vulnerability Management Program, including regular scanning, assessment, remediation, and reporting.

Implement and oversee Security Automation processes to streamline threat detection, incident response, and compliance checks.

Continuously monitor security systems to detect, respond to, and resolve potential incidents promptly.

Respond to cybersecurity incidents with effective containment, resolution, and detailed after-action reporting.

Collaborate with IT, DevOps, and other teams to embed security practices into all phases of the SDLC.

Monitor and maintain security tools such as SIEM, IDS/IPS, DLP, and endpoint protection solutions.

Oversee the design, implementation, and management of security architectures for cloud-based and on-premise infrastructures.

Perform periodic reviews of firewall configurations, user access controls, and other security mechanisms to optimize protection.

Maintain the organization’s cybersecurity framework and ensure alignment with industry standards and regulations.

Proactively evaluate and deploy emerging cybersecurity technologies to mitigate evolving threats.

Act as the primary contact for security incidents and collaborate with external teams for escalated support.

Provide leadership in implementing threat intelligence strategies, ensuring continuous improvement of the organization's security posture.

Threat Detection and Response using any of these tools (Microsoft Defender XDR, Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Defender for Endpoint).

Vulnerability Management using any of these tools (Nessus, Qualys, OpenVAS).

Privilege Access Management (PAM) using any of these tools (Wallix, CyberArk, BeyondTrust).

Security Automation and Orchestration using any of these tools (Python, Splunk Phantom, Cortex XSOAR, Azure Sentinel).

DevSecOps using any of these tools (SonarQube, GitHub Actions, AWS CodePipeline).

Security Hardening and Compliance using any of these tools (CIS Benchmarks, SITG Benchmarks, Qualys Policy Compliance).

Cloud Security using any of these tools (AWS Security Hub, Azure Security Center, Microsoft Defender for Cloud).

Network Security using any of these tools (Palo Alto Networks, Fortinet, Cisco ASA, Snort, Suricata).

Endpoint Security using any of these tools (Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne).

Bachelor’s degree in computer science, information technology, cybersecurity, or a related field (master’s degree preferred).

A minimum of 5–8 years of experience in cyber security.

If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application you would need the following document(s):

Overview

Delivery Consultant - Infrastructure and Security, Professional Services role at Amazon Web Services (AWS). In this role, you will work closely with customers to design, implement, and manage AWS solutions that meet their technical requirements and business objectives. You will be a key player in driving customer success through their cloud journey, providing technical expertise and best practices throughout the project lifecycle.

• Designing and implementing complex, scalable, and secure AWS solutions tailored to customer needs
• Providing technical guidance and troubleshooting support throughout project delivery
• Collaborating with stakeholders to gather requirements and propose effective migration strategies
• Acting as a trusted advisor to customers on industry trends and emerging technologies
• Sharing knowledge within the organization through mentoring, training, and creating reusable artifacts

The AWS Professional Services (ProServe) team helps customers realize their desired business outcomes when using the AWS Cloud. We work with customer teams and the AWS Partner Network (APN) to execute enterprise cloud computing initiatives, delivering guidance through global specialty practices that cover a variety of solutions, technologies, and industries.

• 7+ years of experience as a technical specialist in customer-facing roles
• Experience driving discussions with senior personnel regarding trade-offs, best practices, project management and risk mitigation
• Hands-on experience leading the design, development and deployment of business software at scale or current hands-on technology infrastructure, including networking, compute, storage, and virtualization
• Experience with automation and scripting (e.g., Terraform, Python) and application migration and modernization
• Strong communication skills with the ability to explain technical concepts to both technical and non-technical audiences

• Bachelor’s degree, or equivalent experience, in Computer Science, Engineering, Mathematics or a related field
• AWS experience preferred, with proficiency in a wide range of AWS services (e.g., EC2, S3, RDS, Lambda, IAM, VPC, CloudFormation)
• Experience in an Architect role or similar with a strong track record of implementing AWS services in distributed environments
• Large-scale migration experience (Data Center to Data Center and/or Data Center to Cloud)
• Infrastructure automation through DevOps scripting (e.g., shell, Python, Ruby, PowerShell)

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation during the application and hiring process, including support for the interview or onboarding process, please visit the AWS accommodations page for more information.

Amazon Web Services EMEA SARL, Branch of a Foreign Company

Overview

We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions – at the high end we are looking for deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors. We have more junior roles for exceptional individuals with a proven personal interest and engagement in cyber attack and defence, and outstanding academic and career performance even if experience is limited.

Our goal is to build an entirely new level of assurance and observable rigour into the open source supply chain. We have our own estate to monitor, but more broadly our goal is to raise the robustness of the entire global Ubuntu estate through the work of this team. The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack. The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

• Implement and evolve Canonical's SecOps security standards and playbooks
• Analyse and improve Canonical's security architecture
• Evaluate, select and implement new security tools and practices
• Identify, contain and guide the remediation of security threats and cyber attacks
• Grow the presence and thought leadership of Canonical SecOps practice
• Contribute to open source threat intelligence initiatives
• Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
• Develop Canonical SecOps learning and development materials
• Publish blog posts, whitepapers and conference presentations
• Identify, implement and track SecOps KPIs
• Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
• Work with Security leadership to present information and influence change

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Expertise in threat modelling and risk management frameworks
• Knowledge of security architecture and market-leading security tools
• Experience contributing to, and consuming, threat intelligence feeds
• Experience in security risk management frameworks such as NIST CSF
• Experience with security standards such as ISO 27001

• Experience in a security operations team or a security operations centre (SOC)
• Experience in offensive or defensive security teams with hands-on ability
• Experience with state-actor and other advanced persistent threats

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer. We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

VAM Systems is a Business Consulting, IT Solutions and Services company.

VAM Systems is currently looking for Security Architect for our Bahrain operations with the following skillsets & terms and conditions:

Years of Experience: 11-15 Years

Education Qualification: BE Computer Science and Engineering

Certifications required: CISSP, CCSP, CEH, CCNP, AWS, Azure, Java, Python, VB

Professional Training Required: Azure Solutions Architect, AWS Solution Architect, Secure Software Development and Programming.

Skills:

• Proficiency and working knowledge in technology stacks used in application development, especially secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• In-depth knowledge in software design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews, and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding of security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, security principles of routing, authentication, VPN, proxy services, and DDoS mitigation technology.
• Expertise in the architecture of information security systems.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.

Job Responsibilities:

• Perform security analysis, develop robust security architecture, and integrate security solutions into the Bank's Group environment ensuring the confidentiality, integrity, and availability of the bank’s information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend security controls to address security risks.
• Research and recommend/implement the security standards, systems, and best practices.
• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Evaluate and implement information security technologies and countermeasures against threats to information.
• Review technical service requests and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure end-to-end security.
• Develop security baseline for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices, and ensure efficacy.
• Provide security architectural guidance to IT Project Managers.
• Understand the risk and weakness in applications.
• Secure application design and architecture, and conduct application security testing.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

Company : Gulf Air Group

Division : Information Technology

Location : (Location)

Department : Information Technology

Closing Date : 18-Feb-2025

To architect, design, plan, implement and support all Safety and Security systems, as a technical expert in these areas, to provide the company with the necessary Safety and Security services to achieve its strategic objectives.

1. Monitor, maintain and support services, within specialism area, to ensure the security, integrity and access to these critical information assets by ICT's internal and external customers.
   Monitor, manage and maintain solutions to ensure maximum uptime.
   Perform daily systems monitoring, including verifying the integrity and availability of all solution resources, capacity management, reviewing system and application logs, and verifying completion of scheduled jobs.
   Manage solution enhancements to improve business performance.
   Perform systems maintenance and management, including solution administration, upgrades, audits and user account management.
   Develop and improve efficient and reliable deployment and maintenance strategies.
   Draft and maintain solution architecture, configuration and operating procedure documentation on a continuous basis.
   Advise on solution security, backups, and disaster recovery needs.
   Ensure that all requests for support are dealt with according to set standards and procedures.
2. Perform and conduct Enterprise ICT activities as per service level agreements to ensure ICT's internal and external customers are provided with the required uninterrupted services to achieve their objectives.
   Develop implementation plans for complex requests for change. Lead the assessment, analysis, development, documentation and implementation of changes based on requests for change.
   Ensure that incidents are handled according to agreed procedures. Analyze causes of incidents, and inform service owners in order to minimize probability of recurrence to contribute to service improvement.
   Ensure that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Coordinate the implementation of agreed remedies and preventative measures.
   Monitor and report on supplier performance, customer satisfaction, and market intelligence. Engage proactively and collaboratively with suppliers to resolve incidents, problems, or unsatisfactory performance.
   Analyze service availability, reliability, maintainability and serviceability. Ensure that services meet and continue to meet all of their agreed performance targets and service levels.
   Document and maintain IT assets, inclusive of software, hardware and licenses, within specialism area, and act to highlight and resolve potential instances of unauthorized assets such as unlicensed copies of software.
   Be available for off-hours planned service windows, as well as other off-hours maintenance work as and when required.
   Provide 24x7 on call day-to-day support on specialism area solutions and services.
3. Perform and conduct DevOps activities to deliver, evolve and improve services at a high velocity to better meet the demand of ICT's internal and external customers.
   Implement, configure and maintain tools, including automation, to identify, track, log and maintain accurate, complete and current information on service configurations, within specialism area.
   Design, implement and maintain system, within specialism area, integrations with internal and external systems to ensure that they meet functional requirements, interface specifications and ICT's security and governance standards and policies.
   Collaborate with technical teams to develop and agree system integration plans. Assist in database support activities.
   Use system management tools to collect and report on load and performance statistics and to automate the provisioning, testing and deployment of new and changed system components.
   Design, code, verify, test, document, amend and refactor complex programs, scripts or integrations, within specialism area.
   Create test cases using in-depth technical analysis of both functional and non-functional specifications such as reliability, efficiency, usability, maintainability and portability. Produce test scripts and materials to test new and amended software or services.
4. Design, implement and maintain digital transformation initiatives and associated architectures, as assigned by Manager, to meet the demand of ICT's internal and external customers to ensure they achieve their objectives and improve business value.
   Technical solution architecture design, planning, implementation and the highest level of performance tuning.
   Design components and modules using appropriate modelling techniques and recommend designs that take into account target environment, existing systems and performance and security requirements.
   Adopt appropriate systems design methods, tools and techniques, as promulgated by section Director, in the translation of planned architecture into working solutions.
   Produce specifications of cloud-based or on premises components, tiers and interfaces for translation into detailed designs of services and products.
   Monitor system performance and implement performance tuning.
   Determine opportunities for improvement of the current solutions and assess future enhancements.
   Investigate new and emerging technologies and where possible automate manual tasks.
5. Plan and co-ordinate activities to manage and implement the full project management lifecycle for complex projects from initiation to final operational stage, including the transition into “business-as-usual”, to ensure delivery within scope, schedule and budget.
   Plan and drive scoping, requirements definition and prioritization activities for large and complex initiatives.
   Investigate operational requirements, problems, and opportunities, seeking effective business solutions.
   Review business cases and determine appropriate procurement routes.
   Evaluate the quality of project outputs against agreed service acceptance criteria.
   Oversee and measure the fulfillment of contractual obligations using key performance indicators.
   Support programme or project control boards and provide basic guidance on individual project proposals.

A Diploma degree as minimum to accept while a BSc. Degree in Computer Science or equivalent is preferred.

A minimum of 0-2 years’ experience in related field.

If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application, you would need the following document(s):

Key responsibilities, accountabilities and activities

• Perform security analysis, develop robust security architecture, and ingrain security solutions into the company environment ensuring the confidentiality, integrity and availability of the company's information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend controls to address risks and enhance the architecture as needed.

Research and recommend/implement the security standards, systems, and best practices.

• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Collaborating with team to develop and implement information security architecture frameworks and strategies. This includes developing security architecture for applications, cloud technologies and various Information Security control systems.
• Review technical service request and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure the end-to-end security.
• Conduct security reviews of business applications to identify weaknesses, recommend mitigation controls, perform thorough security testing, ensure secure design and architecture, and implement secure coding practices for input validation.
• Conduct security reviews of business applications to identify weaknesses, recommend mitigation controls, perform thorough security testing, ensure secure design and architecture, and implement secure coding practices for input validation.
• Provide security architectural guidance to IT.
• Understand the risk and weakness in applications and providing expert guidance and recommendations.
• Secure application design and architecture, and application security testing.
• Developing security baselines for all critical applications and ensuring their efficacy.

Background, Qualifications & Experience

• Bachelor's degree in computer science or a related field.
• 7 - 10 years of relevant experience.
• Secure Software Development and Programming experience.
• Professional Certifications Desired: CEH, CCNP, AWS, Azure, Java, Python, VB
• Fluency in English.
• Understanding of existing & emerging technologies.

Job Type: Contract

Contract length: 12 months

Pay: BD2, BD2, per month