11 Security Architect jobs in Bahrain

Job Purpose

The Senior Security Architect will play a key role in building and maintaining IT security solutions and controls for the Bank across new and emerging domains, including Cloud and Innovation. The role will involve developing end-to-end security for Bank ABC and handling any technical problems that arise. The Senior Security Architect will identify IT threats and vulnerabilities, design and build robust security architectures and serve as the “security point person” for technical and business security concerns.
The job holder will be architecting and managing change and implementation with existing and new technologies, reusing when appropriate and implementing when required.
The job requires in-depth knowledge and hard skills (e.g. secure cloud architecture, cryptographic practices, protocols, network and platform security etc.) as well as strong soft skills (e.g. communication and presentation skills, stakeholder management) and a good amount of hands-on previous work experience demonstrating these.

Principal Responsibilities, Accountabilities and Deliverables of Role

Research & Planning:

• Plan, research and design robust enterprise-wide security architectures for any IT or business projects aligned with industry frameworks (e.g. SABSA, TOGAF, NIST, CSA, ISO 27001)
• Develop threat use cases / scenarios to clearly depict threats to security architecture.
• Aligning new security solutions with existing technologies and designing and planning integration.
• Lead and coordinate assessment of existing and target / implemented architecture.

• Prepare cost estimates and identify integration issues for solutions and architectures
• Develop and maintain security reference architectures and roadmaps

• Understanding of Security Engineering outputs and able to oversee and incorporate into security planning
• Able to incorporate security measures into the existing, resultant or target architecture.
• Collaborate with DevOps, Cloud, and IT teams to embed security into CI/CD pipelines and infrastructure (DevSecOps)

• Define and maintain technical security patterns for secure systems and applications
• Design high level and low-level security architecture to meet business and technical requirements
• Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
• Identify and reuse security solutions and consider integration with other tools when designing security solutions.

• Coordinating the installation of security solutions and managing the configuration of said solutions.
• Identifying opportunities to automate processes and activities and coordinating implementation of automation.
• Identifying gaps in architecture and addressing these gaps through defining security requirements based on threat landscape / assessment.

• Coordinate the testing of security solutions
• Conduct threat modelling, risk assessments, and security architecture reviews.

• Expert knowledge in cryptography and Cloud Security solutions and able to research and understand new solutions.
• Expert knowledge of, and hands on experience in, securing AWS, Azure and GCP.

• Define, implement and maintain corporate security policies and procedures
• Monitor issues / remediation activities to ensure gap closure to fulfil security control objectives and meet mandatory external requirements.
• Be informed of changes to industry best practices, changes in architecture (e.g. Cloud) and work with third parties, vendors and the wider bank to design relevant security controls.
• Coordinate with other members of Group IT, Cyber & Information Security, and end user departments to sustain appropriate technical and procedural controls to support the industry mandatory security objectives.

• Develop and own a security strategy and deliver end-to-end including planning and roadmap development.

• Support incident response and security operations by providing architectural insights.

• Design and develop high level security architecture documents.
• Develop architecture patterns to address multiple / differing use cases.
• Develop and enhance Architecture Building Blocks (ABBs) and Solution Building Blocks (SBBs) and design architectures mapping to these building blocks
• Write comprehensive reports including documenting existing architecture and defining baseline and target architecture in terms of components, integration and capabilities, and aligning with business requirements.
• Prepare and document standard operating procedures and protocols.
• Prepare technical and business architecture documentation, as per the defined frequency, and keep it in a clear way to support the Bank and ensure it remains compliant all year round.
• Work in a team environment to educate and analyse security architectures and help develop other activities for reviewing and monitoring mandatory security controls.

• Will be the Product Owner, supporting the senior security architect in Product Owner responsibilities regarding specific security tools under the remit of the team.
• Will be the Product Owner for Microsoft security solutions with hand-on experience of MS Purview, Azure, AWS Security stack and security solutions, ensuring correct configuration, issues identified and resolved, develop processes/procedures and follow up on alerts
• Will be the Product Owner for HSM solution, ensuring correct configuration, issues identified and resolved, develop processes/procedures and manage associated activities (key life cycle management)
• Will be the Product Owner for Microsoft AIP solution, ensuring correct configuration, issues identified and resolved, develop processes/procedures and manage associated activities (classification labelling, handling DLP alerts)
• Will be the Product Owner for Bluecoat proxy / Fireglass solution, ensuring correct configuration, issues identified and resolved, define policies, develop processes/procedures and manage associated activities.

• Product Ownership & Collaboration :
  • Support the Senior Security Architect as the Product Owner for specific security tools within the team’s domain.
• Microsoft Security Solutions :
  • Serve as the Product Owner with expertise in:
    • MS Purview ,Azure Cloud, Active Directory ,Defender , O365 Security andMicrosoft AIP solutions
    • Ensure proper configuration and timely resolution of issues
    • Develop and implement effective processes and procedures
    • Good knowledge of activities and solving challenges relating to classification, labeling, and handling Data Loss Prevention (DLP)
    • Continuously monitor and follow up on security alerts
• HSM Solution Management :
  • Oversee the Hardware Security Module (HSM) as Product Owner:
    • Ensure accurate configuration
    • Identify and resolve issues efficiently
    • Develop and manage processes and procedures
    • Responsible for key lifecycle management

• Strong understanding of Cloud Computing Security, including AWS, Azure, Office 365, APIs and WEB services

• Strong knowledge in designing and implementing cryptographic solutions including PKI infrastructure, certificate management and deploying encryption technologies for systems, databases, applications across on-premises and cloud
• Understanding of Information Security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
• Deep knowledge of network, application, cloud and data security best practices
• Understanding of architecture frameworks (e.g. TOGAF, SABSA)
• Good knowledge and hands-on experience in security systems, including CASB, HSMs, web proxies and content filtering, DLP solutions, etc
• Detailed technical knowledge of operating system and Cloud CIS baseline
• Good knowledge of low-level and high-level security architecture design and development
• Good understanding of security design patterns
• Familiarity with regulatory and compliance requirements (e.g., CBB, GDPR, ISO 27001, PCI-DSS, SOC2)
• Broad understanding of the Information Security domains: Infrastructure Security, Access Management, Physical Security, Application Security, Security Compliance, and IT Change Management

• University degree with an IT and / or Cyber Security background

• Recognized and active Information Security and platform qualifications (e.g., CISSP, CISM, EC Council or SANS related certifications, AWS or other cloud specific certifications).
• Desirable Certifications: GIAC Defensible Security Architecture

• At least 8 years of work experience
• 3+ years of direct hands-on experience on configuring technical security solutions and working with Cloud Service Providers (including Azure, Office 365 and AWS) ideally within financial services
• Experience with threat modelling tools and methodologies (e.g., STRIDE, DREAD, MITRE ATT&CK)
• Experience in working with cryptographic solutions (e.g. HSM)
• Experience in developing high level architecture for the cloud and hands-on experience designing secure architectures in cloud environments (AWS, Azure, GCP)
• Strong understanding of IAM, MFA, authentication protocols (OAuth, SAML, OpenID Connect) and able to configure well known Security Solutions in this domain.
• Experience in securing APIs, containers and microservices
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Recent, full-time working experience with financial institutions
• Practical experience on working with cloud technologies and implementing security in hybrid and multi-cloud scenarios.

• Strong team player
• Fluent in English (mandatory)
• Ability to organise and prioritise tasks
• Able to conduct the role with minimum supervision
• Strong communication skills capable of dealing with wide range of internal and external stakeholders articulating security risks in business-friendly terms.

Get AI-powered advice on this job and more exclusive features.

VAM Systems is currently looking for a Security Architect for our Bahrain operations with the following skillsets & terms and conditions:

• Years of Experience : 7-10 Years
• Education Qualification : BE in Computer Science and Engineering
• Certifications required : CISSP, CCSP, CEH, CCNP, AWS, Azure, Java, Python, VB
• Professional Training Required : Azure Solutions Architect, AWS Solution Architect, Secure Software Development and Programming

• Proficiency and working knowledge in technology stacks used in application development, Web applications, especially secure application design.
• Deep knowledge of IT risks, cyber security, and operating systems like Windows, Linux, UNIX.
• In-depth knowledge of software design using programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security measures.
• Understanding of network protocols, Source Code Reviews, and OWASP Top 10 security practices.
• Knowledge of frameworks used in application development.
• Good understanding of security measures such as firewalls, IDS/IPS, network access controls, and segmentation.
• Knowledge of DNS, routing security principles, VPN, proxy services, and DDoS mitigation.
• Expertise in information security architecture and project management.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Security systems architecture.

• Perform security analysis, develop security architecture, and implement security solutions to ensure confidentiality, integrity, and availability of information.
• Develop security architecture for various security control systems.
• Conduct security risk assessments of new IT systems, design security controls, and improve security architecture.
• Review and recommend security controls for new technology solutions and applications.
• Research and implement security standards and best practices.
• Review system security, recommend and implement security enhancements.
• Manage security projects and evaluate security technologies.
• Review security requests and changes for risks.
• Follow Security by Design principles.
• Develop security baselines for all IT assets and ensure their efficacy.
• Provide security guidance to IT project managers.
• Identify application vulnerabilities and conduct security testing.

Bank

Joining time frame: 15-30 Days

• Executive

• Full-time

• Information Technology

• IT Services and IT Consulting

Referrals can increase your chances of interviewing at VAM Systems by 2x.

Get notified about new Security Architect jobs in Manama, Capital Governorate, Bahrain .

Bachelor of Technology/Engineering(Computers)

Nationality

Any Nationality

Vacancy

1 Vacancy

Job Description

Job Purpose

The Senior Security Architect will play a key role in building and maintaining IT security solutions and controls for the Bank across new and emerging domains, including Cloud and Innovation. The role will involve developing end-to-end security for Bank ABC and handling any technical problems that arise. The Senior Security Architect will identify IT threats and vulnerabilities, design and build robust security architectures and serve as the security point person for technical and business security concerns.
The job holder will be architecting and managing change and implementation with existing and new technologies, reusing when appropriate and implementing when required.
The job requires in-depth knowledge and hard skills (e.g. secure cloud architecture, cryptographic practices, protocols, network and platform security etc.) as well as strong soft skills (e.g. communication and presentation skills, stakeholder management) and a good amount of hands-on previous work experience demonstrating these.

Principal Responsibilities, Accountabilities and Deliverables of Role

Research & Planning:

• Plan, research and design robust enterprise-wide security architectures for any IT or business projects aligned with industry frameworks (e.g. SABSA, TOGAF, NIST, CSA, ISO 27001)
• Develop threat use cases / scenarios to clearly depict threats to security architecture.
• Aligning new security solutions with existing technologies and designing and planning integration.
• Lead and coordinate assessment of existing and target / implemented architecture.

• Prepare cost estimates and identify integration issues for solutions and architectures
• Develop and maintain security reference architectures and roadmaps

• Understanding of Security Engineering outputs and able to oversee and incorporate into security planning
• Able to incorporate security measures into the existing, resultant or target architecture.
• Collaborate with DevOps, Cloud, and IT teams to embed security into CI/CD pipelines and infrastructure (DevSecOps)

• Define and maintain technical security patterns for secure systems and applications
• Design high level and low-level security architecture to meet business and technical requirements
• Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
• Identify and reuse security solutions and consider integration with other tools when designing security solutions.

• Product Ownership & Collaboration :
  • Support the Senior Security Architect as the Product Owner for specific security tools within the team s domain.
• Microsoft Security Solutions :
  • Serve as the Product Owner with expertise in:
    • MS Purview , Azure Cloud, Active Directory , Defender , O365 Security and Microsoft AIP solutions
    • Ensure proper configuration and timely resolution of issues
    • Develop and implement effective processes and procedures
    • Good knowledge of activities and solving challenges relating to classification, labeling, and handling Data Loss Prevention (DLP)
    • Continuously monitor and follow up on security alerts
• HSM Solution Management :
  • Oversee the Hardware Security Module (HSM) as Product Owner:
    • Ensure accurate configuration
    • Identify and resolve issues efficiently
    • Develop and manage processes and procedures
    • Responsible for key lifecycle management

Desired Candidate Profile

Job Requirements
Knowledge

• Strong understanding of Cloud Computing Security, including AWS, Azure, Office 365, APIs and WEB services
• Strong knowledge in designing and implementing cryptographic solutions including PKI infrastructure, certificate management and deploying encryption technologies for systems, databases, applications across on-premises and cloud
• Understanding of Information Security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
• Deep knowledge of network, application, cloud and data security best practices
• Understanding of architecture frameworks (e.g. TOGAF, SABSA)
• Good knowledge and hands-on experience in security systems, including CASB, HSMs, web proxies and content filtering, DLP solutions, etc
• Detailed technical knowledge of operating system and Cloud CIS baseline
• Good knowledge of low-level and high-level security architecture design and development
• Good understanding of security design patterns
• Familiarity with regulatory and compliance requirements (e.g., CBB, GDPR, ISO 27001, PCI-DSS, SOC2)
• Broad understanding of the Information Security domains: Infrastructure Security, Access Management, Physical Security, Application Security, Security Compliance, and IT Change Management

Desired Candidate Profile

Job Requirements
Knowledge

• Strong understanding of Cloud Computing Security, including AWS, Azure, Office 365, APIs and WEB services

• Strong knowledge in designing and implementing cryptographic solutions including PKI infrastructure, certificate management and deploying encryption technologies for systems, databases, applications across on-premises and cloud
• Understanding of Information Security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
• Deep knowledge of network, application, cloud and data security best practices
• Understanding of architecture frameworks (e.g. TOGAF, SABSA)
• Good knowledge and hands-on experience in security systems, including CASB, HSMs, web proxies and content filtering, DLP solutions, etc
• Detailed technical knowledge of operating system and Cloud CIS baseline
• Good knowledge of low-level and high-level security architecture design and development
• Good understanding of security design patterns
• Familiarity with regulatory and compliance requirements (e.g., CBB, GDPR, ISO 27001, PCI-DSS, SOC2)
• Broad understanding of the Information Security domains: Infrastructure Security, Access Management, Physical Security, Application Security, Security Compliance, and IT Change Management

• University degree with an IT and / or Cyber Security background

• Recognized and active Information Security and platform qualifications (e.g., CISSP, CISM, EC Council or SANS related certifications, AWS or other cloud specific certifications).
• Desirable Certifications: GIAC Defensible Security Architecture

• At least 8 years of work experience
• 3+ years of direct hands-on experience on configuring technical security solutions and working with Cloud Service Providers (including Azure, Office 365 and AWS) ideally within financial services
• Experience with threat modelling tools and methodologies (e.g., STRIDE, DREAD, MITRE ATT&CK)
• Experience in working with cryptographic solutions (e.g. HSM)
• Experience in developing high level architecture for the cloud and hands-on experience designing secure architectures in cloud environments (AWS, Azure, GCP)
• Strong understanding of IAM, MFA, authentication protocols (OAuth, SAML, OpenID Connect) and able to configure well known Security Solutions in this domain.
• Experience in securing APIs, containers and microservices
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Recent, full-time working experience with financial institutions
• Practical experience on working with cloud technologies and implementing security in hybrid and multi-cloud scenarios.

• Strong team player
• Fluent in English (mandatory)
• Ability to organise and prioritise tasks
• Able to conduct the role with minimum supervision
• Strong communication skills capable of dealing with wide range of internal and external stakeholders articulating security risks in business-friendly terms.

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at

VAM Systems is a Business Consulting, IT Solutions and Services company.

VAM Systems is currently looking for Security Architect for our Bahrain operations with the following skillsets & terms and conditions:

Years of Experience: 11-15 Years

Education Qualification: BE Computer Science and Engineering

Certifications required: CISSP, CCSP, CEH, CCNP, AWS, Azure, Java, Python, VB

Professional Training Required: Azure Solutions Architect, AWS Solution Architect, Secure Software Development and Programming.

Skills:

• Proficiency and working knowledge in technology stacks used in application development, especially secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• In-depth knowledge in software design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews, and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding of security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, security principles of routing, authentication, VPN, proxy services, and DDoS mitigation technology.
• Expertise in the architecture of information security systems.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.

Job Responsibilities:

• Perform security analysis, develop robust security architecture, and integrate security solutions into the Bank's Group environment ensuring the confidentiality, integrity, and availability of the bank’s information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend security controls to address security risks.
• Research and recommend/implement the security standards, systems, and best practices.
• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Evaluate and implement information security technologies and countermeasures against threats to information.
• Review technical service requests and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure end-to-end security.
• Develop security baseline for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices, and ensure efficacy.
• Provide security architectural guidance to IT Project Managers.
• Understand the risk and weakness in applications.
• Secure application design and architecture, and conduct application security testing.

The Information Security Specialist supports the Head of Information Security and Business Continuity in safeguarding the bank’s critical information assets and ensuring the resilience of its operations. This role is responsible for implementing and maintaining comprehensive information security measures, business continuity plans, and disaster recovery strategies that protect the bank’s systems, data, and services from cybersecurity threats and operational disruptions.

The Specialist will contribute to the bank's proactive risk management approach by identifying vulnerabilities, responding to incidents, ensuring regulatory compliance, and leading initiatives to enhance business continuity. In addition, this role involves coordinating BCP and DR activities, conducting regular testing, and ensuring the organization’s preparedness for crises or emergencies.

Reporting directly to the Head of Information Security and Business Continuity, the Specialist will collaborate closely with IT and other departments and business units to integrate security and business continuity frameworks into the bank’s operational processes, supporting a secure and resilient environment that enables the bank to achieve its strategic objectives.

Responsibilities of the role:

Information Security:

• Develop, implement, and maintain information security policies, procedures, and standards in alignment with PCI-DSS and regulatory requirements.
• Monitor, analyze, and respond to security incidents, vulnerabilities, and threats across the bank’s IT systems and networks
• Conduct periodic risk assessments and gap analyses to identify security weaknesses and develop mitigation strategies
• Coordinate internal and external audits related to information security; ensure timely closure of audit findings
• Provide security awareness training to staff and promote a culture of information security
• Support secure configuration and change management processes across IT assets and infrastructure
• Work with IT and other departments to ensure security is embedded into system design and operational processes
• Stay up to date with current cyber threats and trends, and recommend appropriate risk mitigation measures

Business Continuity:

• Develop and maintain the bank’s business continuity management frameworks in line with the bank’s and regulatory guidelines
• Conduct business impact analyses (BIAs) and risk assessments across business units to identify critical functions and recovery priorities
• Lead the development, testing, and continuous improvement of BCP and DR plans to ensure organizational resilience.
• Coordinate with IT, facilities, and business teams to ensure recovery strategies are effective and practical.
• Conduct regular BCP/DR drills and exercises, and report findings with actionable recommendations.
• Liaise with regulatory bodies, auditors, and stakeholders to ensure compliance and readiness.
• Maintain documentation and evidence of BCM program activities and test results.

Areas of Knowledge, Qualification and Experience

• Atleast 5 years of experience working within a Banking Environment
• Bachelors Degree in Computer Science / Cyber Security background.
• Relevant certifications from ISC2, ISACA, SANS are highly preferred
• In-depth understanding of global information security standards (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls) and regulatory requirements (e.g., CBB, PCI-DSS). Ability to implement and manage these frameworks within a banking context.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

Roles & Responsibilities:

• Monitoring the system and ensuring the system is available 24/7.
• Maintain best practices and security standards.
• Design and implement security solutions that protect the organization's On-prem / cloud infrastructure, applications, and data from security threats.
• Conduct regular security assessments of the organization's On-prem / cloud environment to identify potential security vulnerabilities and recommend appropriate remediation measures.
• Configure and maintain various security tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems to ensure optimal protection against security threats.
• Regularly monitor the syslogs and take corrective actions if any security breaches or vulnerabilities are found in the logs.
• Run VAPT tools to mitigate security vulnerabilities.
• Manage access controls for cloud resources, including user authentication and authorization, identity and access management (IAM), and network security groups (NSGs).
• Monitor the On-prem / cloud environment for security incidents and respond promptly to any security breaches or threats.
• Create and maintain security policies and procedures for the organization's On-prem / cloud environment, including disaster recovery plans, incident response plans, and security awareness training for employees.
• Keep up-to-date with the latest security trends and best practices to ensure that the organization's On-prem / cloud environment remains secure against evolving security threats.
• Review and apply the WAF policies to protect against DDoS and application-related attacks.
• Test the WAF rules and ensure they block malicious traffic.

Qualifications & Technical Skills:

1. Minimum of 10 years of experience.

• B.Sc. in Computer Engineering or Equivalent.

• Security Incident Handling & Response

• Security Management Frameworks

• Firewall/IDS/IPS (Palo Alto, Fortinet, Cisco, etc.)

• Vulnerability Management (VAPT)

• SIEM Management

• Data Management Protection

• Advanced Malware Prevention

• Identity & Access Management

• AWS: IAM, KMS, VPC, Security Groups, Network ACLs, VPC endpoints, CloudWatch, VPC Flow Logs

• Logging and Monitoring, SIEM, Syslog

• CloudFront, WAF and Certificate Management

• Technical Certifications like CEH, Security+, CISSP, etc.

Job purpose

• Overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
• Responsible for the organization's data privacy and protection function to ensure compliance with various regulations and best practices.

2. Primary Duties Performed

• Develop and maintain the cybersecurity Risk Management Framework of the organization for addressing the overall approach for handling cybersecurity risks and managing them in a methodological manner.

• Evaluate employees' information security awareness and provide the necessary training whenever is needed.

• Conduct frequent reviews on Vulnerability Assessment and Penetration Testing (VAPT) and manage vulnerabilities.

• Define the necessary controls to ensure all regulatory requirements related to cybersecurity are met, designed effectively with clear documentation.

• Identify the critical assets of the organization and ensure implementation of risk identification and management strategies for these critical assets.
• To assess technology projects to ensure that cybersecurity is adequately addressed.
• Responsible to identifying and managing cybersecurity risk for all third-party technology engagements and all cloud computing engagements.
• Evaluates and recommends cybersecurity technologies and solutions.
• Review cybersecurity & Risk Management manual and recommend necessary updates.
• Act as Data Protection Officer to identify and evaluate the Company's data processing activities.
• Monitor data management procedures and compliance within the Company.
• Assess Company compliance with Data Protection Private Law.
• Provide advice and arrange training to employees on Data Protection.
• Review and recommend updates on Data Protection Manual.
• Serve as the point of contact between the company and the data protection authorities.
• Performs other related duties assigned by the department head.

3. Secondary Duties Performed

• Assist in implementing risk management framework, policies and programs covering business, financial, operational, technological, and regulatory risks.
• Assist in the development and management of controls and business contingency plans.
• Maintain and update organizational risk register.
• Oversee the regular validation and testing of the Company Business Continuity Plan.
• Review Risk Management manual and recommend necessary updates.

4. Work & Business Contacts

Internal

• Management team and staff.

External

• Regulatory Bodies: Central Bank of Bahrain and Personal Data Protection Authority.
• Law Firms and Legal Advisors.
• Internal and External Auditors.
• VAPT vendors.

Division / Department: Risk Management

Incumbent Reports to: Manager – Risk & Project Management