445 Security Audits jobs in Bahrain

• Develop, implement, and manage information security policies, procedures, and standards.
• Conduct regular vulnerability assessments and penetration testing to identify and remediate security weaknesses.
• Monitor security infrastructure (firewalls, IDS/IPS, SIEM) for suspicious activities and potential threats.
• Investigate and respond to security incidents, including malware infections, data breaches, and unauthorized access.
• Develop and deliver security awareness training programs for employees.
• Ensure compliance with relevant industry regulations and data protection laws (e.g., GDPR, ISO 27001).
• Manage security solutions, including endpoint protection, encryption, and access control systems.
• Conduct risk assessments and develop mitigation strategies for identified risks.
• Collaborate with IT teams to implement secure system configurations and network designs.
• Stay abreast of the latest cybersecurity threats, trends, and technologies.
• Assist in the development and testing of disaster recovery and business continuity plans.
• Prepare detailed reports on security posture, incidents, and recommendations for management.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 5-7 years of experience in information security or cybersecurity roles.
• Relevant security certifications such as CISSP, CISM, CEH, or CompTIA Security+.
• In-depth knowledge of network security principles, cryptography, and security frameworks.
• Experience with security tools and technologies (firewalls, IDS/IPS, SIEM, vulnerability scanners).
• Strong understanding of risk assessment methodologies and incident response procedures.
• Excellent analytical, problem-solving, and investigative skills.
• Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical audiences.
• Experience in the financial services sector is a plus.
• Ability to work independently and as part of a collaborative team.

The Information Security Specialist supports the Head of Information Security and Business Continuity in safeguarding the bank’s critical information assets and ensuring the resilience of its operations. This role is responsible for implementing and maintaining comprehensive information security measures, business continuity plans, and disaster recovery strategies that protect the bank’s systems, data, and services from cybersecurity threats and operational disruptions.

The Specialist will contribute to the bank's proactive risk management approach by identifying vulnerabilities, responding to incidents, ensuring regulatory compliance, and leading initiatives to enhance business continuity. In addition, this role involves coordinating BCP and DR activities, conducting regular testing, and ensuring the organization’s preparedness for crises or emergencies.

Reporting directly to the Head of Information Security and Business Continuity, the Specialist will collaborate closely with IT and other departments and business units to integrate security and business continuity frameworks into the bank’s operational processes, supporting a secure and resilient environment that enables the bank to achieve its strategic objectives.

Responsibilities of the role:

Information Security:

• Develop, implement, and maintain information security policies, procedures, and standards in alignment with PCI-DSS and regulatory requirements.
• Monitor, analyze, and respond to security incidents, vulnerabilities, and threats across the bank’s IT systems and networks
• Conduct periodic risk assessments and gap analyses to identify security weaknesses and develop mitigation strategies
• Coordinate internal and external audits related to information security; ensure timely closure of audit findings
• Provide security awareness training to staff and promote a culture of information security
• Support secure configuration and change management processes across IT assets and infrastructure
• Work with IT and other departments to ensure security is embedded into system design and operational processes
• Stay up to date with current cyber threats and trends, and recommend appropriate risk mitigation measures

Business Continuity:

• Develop and maintain the bank’s business continuity management frameworks in line with the bank’s and regulatory guidelines
• Conduct business impact analyses (BIAs) and risk assessments across business units to identify critical functions and recovery priorities
• Lead the development, testing, and continuous improvement of BCP and DR plans to ensure organizational resilience.
• Coordinate with IT, facilities, and business teams to ensure recovery strategies are effective and practical.
• Conduct regular BCP/DR drills and exercises, and report findings with actionable recommendations.
• Liaise with regulatory bodies, auditors, and stakeholders to ensure compliance and readiness.
• Maintain documentation and evidence of BCM program activities and test results.

Areas of Knowledge, Qualification and Experience

• Atleast 5 years of experience working within a Banking Environment
• Bachelors Degree in Computer Science / Cyber Security background.
• Relevant certifications from ISC2, ISACA, SANS are highly preferred
• In-depth understanding of global information security standards (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls) and regulatory requirements (e.g., CBB, PCI-DSS). Ability to implement and manage these frameworks within a banking context.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

• Monitor security alerts and events using SIEM tools.
• Conduct vulnerability assessments and penetration testing.
• Respond to and investigate security incidents, breaches, and anomalies.
• Develop and implement security policies, procedures, and best practices.
• Manage and configure security tools, including firewalls, IDS/IPS, and endpoint protection.
• Perform risk assessments and implement mitigation strategies.
• Ensure compliance with relevant data protection regulations and standards.
• Conduct security awareness training for employees.
• Stay updated on the latest cybersecurity threats, trends, and technologies.
• Collaborate with IT teams to enhance overall security posture.

• Monitor security systems and networks for suspicious activities and potential breaches.
• Conduct regular vulnerability assessments and penetration tests to identify weaknesses in systems and applications.
• Develop and implement security policies, procedures, and guidelines to ensure compliance with industry standards and regulations.
• Respond to security incidents, investigate their root causes, and implement corrective actions to prevent recurrence.
• Install, configure, and maintain security software and hardware, including firewalls, intrusion detection/prevention systems, and antivirus solutions.
• Educate employees on information security best practices and conduct security awareness training.
• Analyze security logs and data to detect patterns and anomalies.
• Stay updated on the latest cybersecurity threats, trends, and technologies.
• Collaborate with IT teams to ensure that security considerations are integrated into system design and development.
• Participate in risk assessments and develop mitigation strategies.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 4-6 years of experience in information security or a related IT security role.
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and best practices.
• Proficiency in security tools and technologies, such as SIEM, firewalls, IDS/IPS, endpoint protection, and vulnerability scanners.
• Experience with risk assessment methodologies and incident response procedures.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to explain technical concepts to non-technical audiences.
• Relevant certifications such as CISSP, CompTIA Security+, or CEH are highly desirable.
• Ability to work independently and as part of a team in a dynamic environment.

• Plan and execute information security audits across various systems, applications, and business units.
• Assess the design and operating effectiveness of internal controls related to information security.
• Evaluate compliance with industry regulations (e.g., GDPR, PCI DSS) and internal policies.
• Identify security vulnerabilities, control weaknesses, and compliance gaps.
• Develop detailed audit findings, recommendations, and management reports.
• Conduct follow-up audits to ensure that remediation actions have been effectively implemented.
• Stay current with emerging threats, vulnerabilities, and relevant regulatory changes.
• Collaborate with IT, security, and business teams to gather information and discuss audit findings.
• Perform risk assessments to identify and prioritize information security risks.
• Contribute to the continuous improvement of the audit process and methodologies.

• Bachelor's degree in Information Technology, Computer Science, Accounting, or a related field.
• Minimum of 4 years of experience in information security auditing, IT auditing, or related risk management roles.
• Strong knowledge of information security principles, frameworks (e.g., NIST, ISO 27001), and best practices.
• Experience with auditing cloud environments (AWS, Azure) is highly desirable.
• Familiarity with common IT controls and audit techniques.
• Excellent analytical, critical thinking, and problem-solving skills.
• Strong report writing and communication skills, with the ability to articulate complex issues clearly.
• Relevant certifications such as CISA, CISSP, or CRISC are strongly preferred.
• Ability to work independently and manage audit projects effectively.
• High level of integrity and professionalism.

• Monitoring security alerts and events from various security tools (e.g., SIEM, IDS/IPS) to identify potential threats and breaches.
• Conducting vulnerability assessments and penetration testing to identify security weaknesses in systems and networks.
• Developing and implementing security policies, procedures, and best practices.
• Investigating and responding to security incidents, including containment, eradication, and recovery.
• Analyzing threat intelligence to anticipate and counter emerging cybersecurity risks.
• Implementing and managing security technologies such as firewalls, antivirus software, and endpoint detection and response (EDR) solutions.
• Conducting security awareness training for employees.
• Performing regular security audits and reviews to ensure compliance with regulatory requirements and industry standards.
• Assisting in the development and maintenance of disaster recovery and business continuity plans.
• Staying up-to-date with the latest cybersecurity threats, trends, and technologies.