379 Security Audit jobs in Bahrain

The Information Security Specialist supports the Head of Information Security and Business Continuity in safeguarding the bank’s critical information assets and ensuring the resilience of its operations. This role is responsible for implementing and maintaining comprehensive information security measures, business continuity plans, and disaster recovery strategies that protect the bank’s systems, data, and services from cybersecurity threats and operational disruptions.

The Specialist will contribute to the bank's proactive risk management approach by identifying vulnerabilities, responding to incidents, ensuring regulatory compliance, and leading initiatives to enhance business continuity. In addition, this role involves coordinating BCP and DR activities, conducting regular testing, and ensuring the organization’s preparedness for crises or emergencies.

Reporting directly to the Head of Information Security and Business Continuity, the Specialist will collaborate closely with IT and other departments and business units to integrate security and business continuity frameworks into the bank’s operational processes, supporting a secure and resilient environment that enables the bank to achieve its strategic objectives.

Responsibilities of the role:

Information Security:

• Develop, implement, and maintain information security policies, procedures, and standards in alignment with PCI-DSS and regulatory requirements.
• Monitor, analyze, and respond to security incidents, vulnerabilities, and threats across the bank’s IT systems and networks
• Conduct periodic risk assessments and gap analyses to identify security weaknesses and develop mitigation strategies
• Coordinate internal and external audits related to information security; ensure timely closure of audit findings
• Provide security awareness training to staff and promote a culture of information security
• Support secure configuration and change management processes across IT assets and infrastructure
• Work with IT and other departments to ensure security is embedded into system design and operational processes
• Stay up to date with current cyber threats and trends, and recommend appropriate risk mitigation measures

Business Continuity:

• Develop and maintain the bank’s business continuity management frameworks in line with the bank’s and regulatory guidelines
• Conduct business impact analyses (BIAs) and risk assessments across business units to identify critical functions and recovery priorities
• Lead the development, testing, and continuous improvement of BCP and DR plans to ensure organizational resilience.
• Coordinate with IT, facilities, and business teams to ensure recovery strategies are effective and practical.
• Conduct regular BCP/DR drills and exercises, and report findings with actionable recommendations.
• Liaise with regulatory bodies, auditors, and stakeholders to ensure compliance and readiness.
• Maintain documentation and evidence of BCM program activities and test results.

Areas of Knowledge, Qualification and Experience

• Atleast 5 years of experience working within a Banking Environment
• Bachelors Degree in Computer Science / Cyber Security background.
• Relevant certifications from ISC2, ISACA, SANS are highly preferred
• In-depth understanding of global information security standards (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls) and regulatory requirements (e.g., CBB, PCI-DSS). Ability to implement and manage these frameworks within a banking context.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

• Developing and executing a comprehensive information security strategy aligned with business objectives.
• Overseeing the implementation and management of security controls, policies, and procedures.
• Managing security operations, including threat monitoring, vulnerability management, and incident response.
• Conducting regular risk assessments and developing mitigation strategies for identified vulnerabilities.
• Ensuring compliance with industry regulations, such as GDPR, ISO 27001, and other relevant standards.
• Leading and mentoring the information security team, fostering a culture of security awareness.
• Managing relationships with third-party vendors and service providers related to security.
• Developing and delivering security awareness training programs for employees.
• Overseeing the development and maintenance of business continuity and disaster recovery plans.
• Managing security budgets and resources effectively.
• Staying up-to-date with emerging security threats and technologies to proactively adapt security measures.
• Leading security audits and assessments, and ensuring remediation of findings.

• Plan, conduct, and document information security audits across various IT systems, networks, and applications.
• Assess the design and operating effectiveness of security controls against established frameworks (e.g., NIST, ISO 27001, SOC 2).
• Identify security vulnerabilities, control weaknesses, and compliance gaps.
• Develop clear and concise audit reports, including findings, recommendations, and remediation plans.
• Follow up on audit findings to ensure timely and effective implementation of remediation actions.
• Collaborate with IT, security, and business teams to gather information and evidence for audits.
• Stay current with evolving security threats, vulnerabilities, and relevant regulatory requirements.
• Assist in the development and refinement of audit methodologies and procedures.
• Evaluate the effectiveness of incident response plans and business continuity processes.
• Perform security risk assessments as part of the audit process.
• Communicate audit findings and recommendations to stakeholders at various levels.
• Provide guidance and support to business units on security best practices and compliance requirements.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Relevant certifications such as CISSP, CISA, CRISC, or equivalent are highly desirable.
• Minimum of 4-6 years of experience in information security, IT auditing, or risk management.
• Strong understanding of IT security principles, frameworks, and best practices.
• Experience with various types of security audits, including IT general controls, application security, and network security.
• Knowledge of regulatory compliance requirements relevant to the industry.
• Excellent analytical, critical thinking, and problem-solving skills.
• Strong written and verbal communication skills, with the ability to present complex information clearly.
• Proficiency in audit tools and techniques.

• Monitoring security alerts and logs from various security tools (SIEM, IDS/IPS, firewalls, antivirus).
• Identifying, analyzing, and responding to security incidents and threats in a timely manner.
• Conducting vulnerability assessments and penetration testing to identify weaknesses in systems and applications.
• Implementing and managing security controls and technologies, such as firewalls, endpoint protection, and access controls.
• Developing and updating security policies, procedures, and guidelines.
• Assisting in the development and delivery of security awareness training for employees.
• Performing risk assessments and implementing mitigation strategies.
• Staying up-to-date with the latest cybersecurity threats, trends, and technologies.
• Collaborating with IT teams to ensure secure system configurations and implementations.
• Participating in security audits and compliance activities.

• Developing and executing the organization's information security strategy.
• Implementing and managing security controls, including firewalls, intrusion detection/prevention systems, and endpoint security.
• Conducting regular risk assessments and vulnerability scans.
• Leading incident response efforts to mitigate security breaches.
• Developing and delivering security awareness training programs for employees.
• Ensuring compliance with data privacy regulations and industry security standards (e.g., ISO 27001, NIST).
• Managing security technologies and recommending upgrades or new solutions.
• Collaborating with IT teams to integrate security into all aspects of technology infrastructure.