
The status of this job posting is Expired. This job posting is not published to job seekers, and no applications will be received because of the posting's status.

Senior Officer Cybersecurity Governance and Compliance

Riyadh, Saudi Arabia. Published 2021/06/10 10:57:42. Expires 2021-08-09. Reference number: JB4368608

Job Description

The Senior Officer Cybersecurity Governance and Compliance will assist the governance section in establishing a functional ISMS and ensuring that the information security program is aligned with, and executed against, key business objectives.

Accountabilities

  • Cybersecurity Policy Management
  • Cybersecurity Training & Awareness
  • Cybersecurity Regulatory & Policy Compliance
  • Privacy and Data protection
  • Cybersecurity Matrix, Risk Register, Appetite & Reporting
  • Participate in understanding the enterprise objectives and translating them into the annual Information Security strategy, roadmap and objectives.
  • Work with the higher levels to understand compliance gaps or requirements and technical needs, and translate them into policy statements; also participate in establishing and maintaining security policies, baselines, standards, checklists and processes, and in defining the roles and responsibilities of Information Security within the bank.
  • Participate in establishing a strong and effective Security Governance model and instituting a sound IS GRC platform based on a unified security compliance model.
  • Participate in the execution of the bank-wide information security awareness program and a customer-focused IS awareness program, with the objective of enhancing the awareness level of BSF staff and customers.
  • Participate in establishing and maintaining Information Security KPIs and metrics, the risk register and risk appetite.
  • Participate in maintaining overall security remediation plans and managing Information Security exceptions.
  • Participate in the effectiveness review of processes.
  • Coordinate the preparation of all reports generated for Management.
  • Participate in identifying and keeping track of all information security related compliance mandates, and work with governance on the creation, implementation, and maintenance of appropriate policies and procedures to be compliant with all applicable regulations.
  • Responsible for identifying compliance gaps and for recommending, implementing, and maintaining technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective manner.
  • Liaise with other business lines and support divisions in the implementation of regulatory compliance requirements.
  • Responsible for tracking audit findings and recommendations to ensure that appropriate mitigation actions are taken, and for supporting necessary compliance activities.
  • Participate in managing critical information security compliance programs including PCI DSS, ISO 27001, SAMA CSF and compliance mandates from SAMA and NCA.
  • Responsible for coordinating activities with internal and external auditors, including the PCI QSA, the ISO 27001 external auditor, and the internal BSF audit division, and with all B/Ls and support divisions.
  • Participate in understanding and interpreting emerging and evolving data protection and privacy standards and frameworks, and translating them into the BSF compliance program.
  • Participate in ensuring that all requirements of SAMA circulars, guidelines, the Information Security Strategy and the Information Security Framework are incorporated in the information security compliance program.

Skills

  • A bachelor's or master’s degree in Computer Science or Information Technology or related field.
  • Professional certification such as CISSP, CISA, CISM, CGEIT, CRISC, CEH etc.
  • Minimum 3 to 6 years in information security with experience in information security governance and compliance.
  • Relevant certifications
  • Technical Skills:
  • Strong knowledge and awareness of Corporate Governance, Risk Management methodologies.
  • Excellent knowledge of information security, related business processes, and control objectives.
  • Ability to relate business requirements and risk to technology implementation for security-related issues
  • Knowledge of information security standards, codes of practice and guidelines such as 27000:2005, the NIST Computer Security Division Special Publications and Federal Information Processing Standards
  • Project management skills, including financial/budget management, scheduling and resource management, certification as PMP or related certification a plus
  • Good understanding of generally accepted IT security and privacy audit procedures and standards
  • Good knowledge of information security concepts, methodologies and best/leading practices.
  • Administrative Skills:
  • Coordination skills.
  • Documentation skills.
  • Good Reporting Skills

Job Details

Job location: Riyadh, Saudi Arabia
Job role: Other
Employment type: Employee
Number of vacancies: 1

Preferred Candidate

Career level: Mid-level experience
Years of experience: Minimum: 3
