Senior Security Operations Specialist – Islamic Development Bank , Saudi Arabia

JOB PURPOSE:
The Senior Security Operations Specialist is responsible to design and implement the cyber security infrastructure across all levels of the applications and infrastructure technology landscape to protect IsDB data and systems and manage security operations processes to ensure that security threats and risks are monitored, detected and mitigated within the risk appetite of the organization. The Senior Security Operations performs both the strategic oversight and day-to-day management of the third parties to ensure that cyber security services meet the organizational needs.

KEY RESPONSIBILITIES:
Design and maintain the cyber security architecture and roadmap in collaboration with Solution Architects, Solution Operations and Infrastructure Operations across the application and IT Infrastructure technology landscape to protect IsDB systems and data
Collaborate with the Enterprise Architecture, Technology Risk, Risk Management, and Internal Audit functions to address complex security requirements within the three lines of defense organizational model
Develop and maintain cyber security policies, processes, and procedures according to industry frameworks and standards in coordination with the Technology Risk and Assurance function
Ensure compliance to organizational cyber security policies, standards and guidelines for HQ and Regional Hubs covering cloud services, data centers, network, servers, communication solutions, disaster recovery sites, end user computing, databases, solution platforms and websites
Manage third parties delivering cyber security operations, monitoring and incident response services (Security Operations Center) for HQ and Regional Hubs to maintain security of the IT landscape, ensure contractual expectations are adhered with security threats and incidents are addressed and mitigated in a timely manner
Collaborate with Solution Delivery and Technology Operations teams to develop plans to protect information against accidental or unauthorized modification or disclosure and participate in disaster recovery planning and exercises for continuous process improvement
Participate as a standing member of the Change Advisory Board to ensure all changes within the IsDB technology environment are complying with cyber security policies and standards
Plan and manage the implementation of proactive security mitigation measures that reduce risk and exposure to cyber security attacks including security patching of business solution platforms and infrastructure components
Drive the development and implementation of cyber security action plans across Solution Delivery and Technology Operations areas to remediate vulnerabilities identified through vulnerability scans and mitigate security gaps identified through penetration tests
Collaborate with IMDT teams and third party cyber security service providers to anticipate security threats, incidents and disasters to fine tune preventive and detective controls in order to reduce their likelihood by determining the most effective way to protect IsDB’s network, data and information systems against any possible cyber-attack.
Manage the development and maintenance of detailed cyber security incident response procedures including use case libraries, procedures, guidelines, playbooks and reporting in line with organizational policies
Coordinate the cyber security incident response including third party cyber security providers and IMDT teams to ensure that any compromise is addressed efficiently to minimize the impact and recover any affected services as quickly as possible
Oversee the second and third levels of support and response for cyber security events including, but not limited to, intrusion detection, malware infections, denial of service attacks, privileged account misuse and network breaches
Participate as a standing member of the Change Advisory Board to ensure all changes within the IsDB technology environment are complying with cyber security policies and standards
Analyze security breaches to understand their root cause and respond immediately to security related incidents and provides a thorough post event analysis and reports
Manage the end-to-end Public Key Infrastructure (PKI) infrastructure in accordance with policy requirements and coordinate the integration activities of the PKI with business applications and infrastructure to ensure security objectives are in accordance to the business needs
Manage the end-to-end Identity and Access Management (IAM) across technology platforms according to policies, processes, procedures and standards
Conduct periodic access reviews for business across business solutions and infrastructure to ensure appropriate access to systems and data for business users, IT personnel and third parties to reduce the risk of abuse or fraud
Provide training and awareness to Solution Delivery and Technology Operations teams on cybersecurity topics and how cybersecurity measures can be implemented at the solution and infrastructure to minimize security threats and vulnerabilities and adhere to organizational policies, processes and standards
Prepare and present detailed and summary cyber security reports to accurately represent plans, status and risks to IMDT, business and management stakeholders

JOB REQUIREMENTS:
Academic Qualifications:
Bachelor’s degree in Computer Science or Engineering or related field
Experience:
8+ years of experience in information security and security operations
Languages:
English (mandatory)
French (preferred)
Arabic (preferred)

Skills & Necessary Knowledge:
Experience in managing security operations and handling security incidents
Experience in implementing and managing security standards, application security controls, infrastructure security controls
Experience in Penetration Testing and Vulnerability Management
Experience in implementing and managing identify management solutions and operations
CISSP, ISO 27001, CISM or other relevant information security industry recognized certification
Good understanding of application platforms, server & desktop operating systems, networks, firewalls and other security technology
Location:
Jeddah, Kingdom of Saudi Arabia, Head Office

Click here to Apply Online

Enter your email address to receive latest Gulf Jobs Updates: