1 832 Security Leadership jobs in Bahrain

• Identify, assess, and manage information security risks.
• Conduct vulnerability assessments and penetration testing.
• Develop and implement security policies and procedures.
• Monitor security systems and respond to incidents.
• Ensure compliance with relevant security standards and regulations.
• Develop and execute incident response and disaster recovery plans.
• Provide security awareness training to employees.
• Collaborate with IT and business units on security initiatives.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 4 years of experience in information security, with a focus on risk management.
• Proficiency in cybersecurity frameworks (e.g., NIST, ISO 27001).
• Experience with vulnerability assessment and penetration testing tools.
• Strong understanding of network security, application security, and data protection.
• Excellent analytical, problem-solving, and communication skills.
• Relevant certifications such as CISSP, CISM, or CompTIA Security+ are a plus.
• Ability to work effectively in a remote team environment.

• Conduct comprehensive information security risk assessments across various systems, applications, and business processes.
• Develop and implement risk mitigation strategies and security controls in line with industry best practices and regulatory requirements (e.g., ISO 27001, NIST).
• Monitor and analyze security threats, vulnerabilities, and incidents, providing timely and effective responses.
• Develop and maintain information security policies, standards, and procedures.
• Perform security audits and compliance checks to ensure adherence to internal policies and external regulations.
• Manage vulnerability scanning and penetration testing programs, and coordinate remediation efforts.
• Design and implement security awareness training programs for employees.
• Collaborate with IT and business units to integrate security considerations into project lifecycles.
• Stay updated on the latest cybersecurity trends, threats, and technologies.
• Develop and manage incident response plans and conduct post-incident reviews.
• Analyze security metrics and key risk indicators (KRIs) to report on the organization's security posture.
• Provide expert advice and guidance on information security matters to stakeholders at all levels.
• Manage third-party risk assessments and ensure vendor compliance with security requirements.

• Bachelor's degree in Information Security, Computer Science, Cybersecurity, or a related field. Master's degree or relevant certifications are highly desirable.
• Minimum of 7 years of experience in information security, with a strong focus on risk management, vulnerability assessment, and compliance.
• Relevant certifications such as CISSP, CISM, CRISC, or CISA are strongly preferred.
• In-depth knowledge of cybersecurity frameworks (NIST, ISO 27001, SOC 2) and risk assessment methodologies.
• Experience with security technologies including SIEM, IDS/IPS, firewalls, and endpoint security solutions.
• Strong understanding of threat intelligence and incident response procedures.
• Excellent analytical, problem-solving, and critical-thinking skills.
• Exceptional written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.
• Proven ability to work independently and manage multiple priorities in a remote work environment.
• Experience in the financial services or fintech industry is a plus.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

• Monitor security alerts and logs from various security tools (SIEM, IDS/IPS, firewalls, endpoint security solutions) to detect and respond to potential security incidents.
• Perform threat hunting activities to proactively identify and mitigate emerging threats.
• Conduct vulnerability assessments and penetration testing to identify security weaknesses.
• Investigate security breaches, analyze root causes, and develop remediation plans.
• Implement and maintain security policies, standards, and procedures.
• Assist in the development and execution of incident response plans.
• Provide security awareness training to employees.
• Evaluate and recommend new security technologies and solutions.
• Collaborate with IT teams to ensure secure system configurations and deployments.
• Stay current with the latest cybersecurity trends, threats, and best practices.
• Manage and configure security tools and platforms.
• Participate in security audits and compliance reviews.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years of experience in information security or a related role.
• Proficiency with SIEM tools (e.g., Splunk, QRadar), IDS/IPS, firewalls, and antivirus/endpoint detection and response (EDR) solutions.
• Strong understanding of network security principles, protocols, and technologies.
• Experience with vulnerability assessment tools (e.g., Nessus, Qualys) and penetration testing methodologies.
• Knowledge of common attack vectors and threat actor tactics, techniques, and procedures (TTPs).
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong written and verbal communication skills.
• Relevant security certifications such as CompTIA Security+, CEH, or CISSP are highly desirable.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Experience with cloud security concepts (AWS, Azure, GCP) is a plus.

• Monitor security alerts and events to detect and respond to potential threats.
• Conduct vulnerability assessments and penetration testing to identify system weaknesses.
• Implement and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions.
• Develop and enforce security policies, standards, and procedures.
• Respond to security incidents, conduct forensic analysis, and implement remediation actions.
• Analyze security logs and system activities to identify anomalies and patterns of compromise.
• Manage and maintain Security Information and Event Management (SIEM) systems.
• Conduct security awareness training for employees.
• Participate in security audits and ensure compliance with relevant regulations.
• Stay current with emerging cybersecurity threats, vulnerabilities, and technologies.
• Collaborate with IT teams to implement security best practices in system design and deployment.
• Develop and maintain security documentation, including incident response plans and risk assessments.
• Evaluate and recommend new security tools and technologies.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 4 years of experience in information security or cybersecurity roles.
• Strong knowledge of network security, operating systems security, and application security.
• Experience with security tools such as SIEM, IDS/IPS, firewalls, and vulnerability scanners.
• Understanding of security frameworks and compliance standards (e.g., ISO 27001, NIST).
• Excellent analytical, problem-solving, and investigative skills.
• Strong communication and interpersonal skills, with the ability to explain technical concepts clearly.
• Relevant security certifications such as CISSP, CompTIA Security+, or CEH are highly desirable.
• Ability to work effectively in a team environment and manage multiple priorities.