91 Threat Modeling jobs in Bahrain

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

• Develop and execute a robust information security strategy aligned with business objectives.
• Oversee the implementation and maintenance of security controls and technologies.
• Manage risk assessment processes, identifying and prioritizing security vulnerabilities.
• Lead the incident response team, coordinating efforts during security breaches and cyber-attacks.
• Ensure compliance with relevant data protection regulations and industry standards (e.g., ISO 27001, GDPR).
• Develop and deliver security awareness training programs for all employees.
• Manage security policies, procedures, and guidelines.
• Conduct regular security audits and penetration testing.
• Evaluate and recommend new security technologies and solutions.
• Collaborate with IT and other departments to integrate security into all business processes.
• Manage security budgets and vendor relationships.
• Provide leadership and mentorship to the information security team.

• Design, develop, and maintain enterprise-wide information security architecture and strategy.
• Evaluate and select security technologies and solutions, ensuring their integration into the existing IT infrastructure.
• Develop and enforce security policies, standards, and procedures across the organization.
• Conduct security risk assessments and vulnerability analyses, identifying potential threats and recommending mitigation strategies.
• Design and implement security controls for networks, applications, data, and cloud environments.
• Lead the development of security architecture reviews and provide recommendations for improvement.
• Collaborate with IT teams, business units, and external stakeholders to integrate security into all aspects of the business.
• Develop incident response plans and lead security breach investigations.
• Stay current with emerging security threats, technologies, and regulatory requirements.
• Provide technical guidance and mentorship to security analysts and engineers.
• Ensure compliance with relevant data privacy and security regulations.

• Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 8 years of progressive experience in information security, with at least 3 years in a security architecture role.
• Extensive knowledge of security frameworks (e.g., NIST, ISO 27001), risk management, and security best practices.
• Proven experience in designing and implementing security solutions for cloud environments (AWS, Azure, GCP).
• Proficiency in network security, endpoint security, identity and access management (IAM), and cryptography.
• Experience with security assessment tools and techniques.
• Strong understanding of application security and secure coding practices.
• Excellent analytical, problem-solving, and strategic thinking skills.
• Exceptional communication and presentation skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences.
• Relevant security certifications such as CISSP, CISM, or SABSA are highly preferred.

• Monitoring security alerts and events from various security tools (SIEM, IDS/IPS, firewalls).
• Investigating and responding to security incidents, including malware outbreaks and unauthorized access attempts.
• Conducting vulnerability assessments and penetration testing.
• Developing and implementing security policies, procedures, and guidelines.
• Assisting in the design and maintenance of security infrastructure, such as firewalls, VPNs, and intrusion detection systems.
• Performing security awareness training for employees.
• Staying current with emerging threats, vulnerabilities, and security technologies.
• Analyzing security logs and recommending improvements to security controls.
• Participating in security audits and compliance activities.
• Developing and maintaining incident response plans and disaster recovery strategies.

• Monitor and analyze security logs and network traffic for suspicious activities and potential threats.
• Implement and manage security solutions, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Conduct regular vulnerability assessments and penetration testing to identify security weaknesses.
• Develop and maintain security policies, procedures, and standards in accordance with best practices and regulatory requirements.
• Respond to security incidents, including investigation, containment, eradication, and recovery.
• Provide security awareness training to employees and promote a security-conscious culture.
• Stay updated on the latest cybersecurity threats, trends, and technologies.
• Assist in the development and maintenance of disaster recovery and business continuity plans.
• Conduct security audits and ensure compliance with relevant security frameworks (e.g., ISO 27001, NIST).
• Collaborate with IT teams to ensure security is integrated into system design and implementation.
• Manage security documentation and incident reports.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years of experience in information security, cybersecurity operations, or a related IT security role.
• Strong understanding of cybersecurity principles, including network security, cryptography, and risk management.
• Experience with security tools such as SIEM, vulnerability scanners, and firewalls.
• Knowledge of common cyber threats, attack vectors, and mitigation techniques.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and documentation skills.
• Relevant certifications such as CompTIA Security+, CEH, or CISSP are highly desirable.
• Ability to work effectively both independently and as part of a team.
• Familiarity with Bahamian data protection regulations is a plus.