The Head of Security Services will:
1. Translate business objectives into technology strategy and security design by leading cross-enterprise strategic architecture work, collaborating with technical and business stakeholders to address information security risks while achieving business objectives, meeting regulatory requirements, and addressing emerging threats.
2. Provide security architect team with design governance and business objectives as per GCSO main objectives and guidance
3. Investigates possible violations of security controls and coordinates response to computer and network security incidents to include, but not be limited to, notification of incidents to the appropriate administrators, and law enforcement if necessary.
4. Direct and coordinate activity during security incidents and Ensure all required resources are involved and managed during incident time and after the incident procedure to include but not limited evidence capture required for further legal action
5. Formulate a virtual incidence response team and ensure team roles and plans are well coordinated and tested to ensure effectiveness during real incidents
6. Ensure incidents response and remediation is automated as per the bank strategies and process and Ensure faster remediation with no business disruption
7. Develops and coordinates procedures to ensure confidentiality, integrity, and accessibility of data and software.
8. Plan, design and work closely with the IT infrastructure and software development teams on the identification and implementation of appropriate security software and hardware controls.
9. Keeps abreast of changes to existing and proposed security federal legislation and regulatory laws (such NESA or Information security acts pertaining to information system security and privacy, information processing and/or security standards and techniques.
10. Works with other units in bank as appropriate to formulate and promulgate bank wide "best practices" and standards for security and access control to data and information systems.
- A University degree in Computer Science and/or equivalent experience.
- A minimum of 10 to 15 years of overall IT and security-related experience, five of which should have been spent as a Security Architect or closely related function
- Appropriate security certification is required – SABSA. Any industry specific certifications like CISSP, CISA, CISM are desirable
- Experience in the Information Security function within a Financial Services domain with knowledge of pertinent standards and regulations for the financial industry (i.e. PCI, SOX, and NESA etc.)
- Architecture experience working on the delivery of complex enterprise systems involving cross functional teams
- Possess relevant security experience with security policy development, security architecture models, and information security regulatory compliance
- Well-versed in identity management, authentication, authorization, single sign-on, encryption, and application security architecture
- Experience with authentication, authorization and encryption controls and technologies required for the entire end-to-end information flow across all technical components: user, browser, Internet, DMZ, portal, Web server, application server, LAN, database server and database
- Experience designing and implementing both the technology and process aspects of enterprise-wide identity management solutions
- Experience with security architecture including network security service architecture, remote access, WAN security architecture, Firewalls, IDS/IPS, NAC, SIEM, Content Filtering and authentication systems
- Expert knowledge of best practices and experience with security engineering tasks, techniques (e.g. passwords, encryption, digital signatures), and tools
- Security expertise in the design of networks, telecommunications, servers, and WAN/LAN requirements for local and global offices and locations
- Excellent understanding of risk management and assessment
- Excellent understanding of Vulnerability Assessment
- Excellent written and verbal communication skills.
- Excellent planning and organisational skills.
- Excellent interpersonal, negotiation and conflict resolution skills, including the ability to work very effectively in a collaborative and team-oriented manner with other leaders and team members.
- Fluent in English and Arabic is a plus