إنتهت صلاحية هذا الإعلان الوظيفي لقد إنتهت صلاحية هذا الإعلان الوظيفي و هو غير مفتوح حاليا لأي طلبات عمل.
إرفاق
وصف الوظيفة
Job Purpose
This level requires excellent knowledge of Information Security Risk Management & containment strategies. Excellent knowledge of Penetration testing and risk assessment methodologies, Excellent knowledge of security and infrastructure Architecture, international standards, SAMA and NCA Mandates and clear understanding of cyber security policies standards and guidelines. The level also is required to have an in-depth understanding of vulnerability management, threat monitoring and information security governance methodologies.
The Senior Officer Cybersecurity Risk Management and Engineering will assist the department head in establishing and managing a structured, yet flexible approach for managing information security risk and monitor risk and would perform regular risk assessments. Participate in all stages of technology projects for ensuring cyber security requirements are addressed and perform architecture reviews. The role is also expected to keep watch for emerging threat and compliance mandates to perform effective Cyber security Risk Management.
Accountabilities
- Maintain the Cyber Security Risk Management Framework of BSF for addressing the overall approach for handling Cyber Security risks and managing them in a methodological manner
- Responsible to conduct or manage penetration testing and risk assessment activities to identify and manage cyber security risk for Application and Infrastructure
- Responsible to develop, maintain and implement cyber security architecture
- Responsible to ensure that cyber security architecture are reviewed and implemented in all technology projects and initiatives
- Identify the critical assets of the bank and ensure implementation of risk identification and management strategies for these critical assets
- Responsible to be involved in all stages of technology projects to ensure that cybersecurity is adequately addressed
- Responsible to identifying and managing cyber security risk for all third party technology engagements and all cloud computing engagements
- Responsible for coordinating and managing all independent third party engagements for penetration testing and risk assessment.
- Manage all audit activities weather internal or external on cyber security risk management
- Identify and maintain all KRI and KPI for on cyber security risk management
- Identify, implement and maintain cyber security risk management mandates and compliance requirements from regulatory bodies or national / international authorities
- Perform reviews or assessment for ensuring proper cyber security risk management
- Ensure that the results of cyber security review are be reported to business owner and that the Cyber security review are subject to follow-up reviews to check that all identified issues have been addressed
المهارات
- A Bachelors or master’s degree in Computer Science or Information Technology or related field.
- Professional certification such as CISSP, CISA, CISM, CGEIT, CRISC, CEH etc.
- Minimum 7 years in information security with experience in risk management and information security governance.
- A minimum of 3+ years in Banking or Financial Sector or IT.
- Strong knowledge and awareness of Corporate Governance, Risk Management methodologies.
- Excellent knowledge of performing and managing enterprise wide risk assessments.
- Excellent knowledge of information security, related business processes, and control objectives.
- Ability to relate business requirements and risk to technology implementation for security-related issues
- Knowledge of information security standards, codes of practice and guidelines such as 27000:2005, the NIST Computer Security Division Special Publications and Federal Information Processing Standards
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies
- Confidence and leadership as a member of project teams in a cross-functional environment
- Project management skills, including financial/budget management, scheduling and resource management, certification as PMP or related certification a plus
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve strategic goals.
- Sound understanding of generally accepted IT security and privacy audit procedures and standards
- Knowledge of key developments in the risk management industry.
- Excellent knowledge of information security concepts, methodologies and best/leading practices.
- Good coordination skills.
- Good organizational skills.
- Excellent work pressure management skills.
- Good reporting skills.
- Excellent communications skills.
- Experience in working in a multi-vendor environment.
- Good interpersonal skills.
- Good ability to maintain relationships at a middle management level.
- Good knowledge of BSF services.
- Knowledge of company systems and information security relationship
- Good knowledge of BSF services.
- Knowledge of company systems and information security relationship
- Good Multitasking capability
- Good, interpersonal, communication and presentation skills
- Good motivation skills.
- Good Reporting Skills