Engineer Information Security

Requirement: To hire an outsourced and experienced Senior Information Security Professional for the bank. The resource would align to the bank and Information Security (IS) department objectives and be responsible for the coordination, implementation or follow through of security measures/controls as mandated by regulations, best practices, and bank policy/standards to safeguard the confidentiality, integrity and availability of the bank s information assets. The resource will be required for a period of six (6) months.

Skills and Capability:

• In depth knowledge of cyber security frameworks and standards (e.g. NIST CSF, ISO 27001, COBIT etc.)
• Proficiency in security technologies such as proxy, firewalls, intrusion detection/prevention systems (IDS/IPS), security information and event management (SIEM) systems, vulnerability scanners, Network Access Control, MXDR/XDR/EDR, SOC, Anti-Virus, Web Application Firewall, DLP, IAM.
• Strong knowledge in cloud security (AWS, Azure) and cloud experience is a plus.
• Knowledge of network protocols, operating systems, and database security.
• Understanding of cryptography, data protection, and CBB regulations.
• Minimum of 5 years experience in Information Security.
• Bachelors/Diploma in Information Security, Computer Science, Information Technology or a similar field.
• Certifications in Security is desired (i.e. CISSP, CISA, CISM, CGEIT, CRISC, CEH, OSCP, GIAC Certifications or equivalent)
• Strong analytical, problem solving and communication skills.

Core Responsibilities:

• Continuously monitor security events, tickets, reports, logs, and security solutions/portals to identify, investigate, and mitigate security issues. Escalate incidents to appropriate teams as needed and actively participate in incident management efforts.
• Conduct and update risk assessments according to the Cybersecurity Risk Management framework, including identifying, assessing, and mitigating security risks and maintaining the risk register.
• Monitor and report on adherence to cybersecurity policies, processes, standards, guidelines, baselines, and metrics.
• Perform regular reviews, scans, and coverage checks using internal security solutions, tracking open items to resolution and coordinating with third parties as required.
• Drive continuous improvement and effective utilization of internal security solutions and programs. Evaluate and recommend solution enhancements to improve security posture and efficiency.
• Collaborate with other departments to ensure security controls, measures, and objectives are met.
• Review projects to identify and recommend security control requirements and areas for improvement, ensuring security is integrated throughout the project lifecycle.
• Provide recommendations based on new and evolving regulatory requirements and contribute to improvement of existing cyber security documentations.
• Administer vulnerability assessments, cyber surveillance, and cybersecurity training/simulation platforms to support security objectives.
• Support existing and ongoing bank projects, including the full lifecycle of security solution renewals (from initiation to implementation).
• Contribute to the achievement of departmental strategy, KPIs and objectives.
• Provide regular updates and reports to the head of department and contribute in meeting preparations.
• Work to continuous improve the security posture of the bank.
• Evaluate and manage department third-parties to ensure alignment to SLAs.
• Provide security guidance and recommendations to teams where required.
• Adhere to bank policies, standards, strategic objectives and applicable regulations.
• Stays abreast with the cyber security threats and solution landscape.
• Provide technical guidance and advise to junior staff/trainees as needed.

Proposal Structure:

We recommend to have the proposal in the following structure:

• About the company/partner i.e. track record, experience in banking/financial sector, cyber security engagements etc.
• Submissions: Proposed Candidates (At least 3 Candidate CVs to be provided based on the previously mentioned requirements), detailed methodology for sourcing and vetting candidates.
• Commercial Proposal (6 months onsite full time [extendable])
• Selection Criteria is not limited to the below:
  • Candidate qualifications and experience(technical, certifications, experience, skills and capability etc.).
  • Vendor competence, reputation and industry experience (references are a plus)
  • Cost-effectiveness of the proposal.
  • Proposed timeline for filling the position.
  • Additional value-added services.
• Vendor Obligation; Background checks on candidates, replacement guarantees in case of non-performance/attrition and continuous ongoing support to the resource such as trainings and technical guidance/advise as necessary. Vendor to adhere to data protection and confidentiality standards during the recruitment process. Alignment with the Kingdom of Bahrain s regulations.