Information Security Systems Engineer

Job Summary

• Should be Cisco Certified Network Security Assistant (CCNA Security) holder.
• Should have information security architecture on one of the following professional certificates:
• Certified Information Security Professional (CISSP).
• Certified Information Security Manager CISM).
• Information Security Professional CompTIA).
• Certified ethical hacker CEH).
• Preferably in the information security audit on one of the following professional certificates:
• Certified Information Security Checker (CISA).
• Framework Certificate in Information Systems COBIT 5).
• Professional knowledge of information security and relative knowledge in security, physical and environmental security personnel, protection management, identity and access to critical infrastructure, incident response, business continuity planning, disaster recovery and program planning.
• Proven skills and real situations by implementing risk management programs, including implementation of risk assessments, identification and implementation of missing information controls, and management of ethical penetration testing.
• The promptness of the procedures for any case of information security and the proper selection of the appropriate procedure in each case, with proper communication with the management of information systems, depending on the importance of the case.
• English language proficiency (speaking - writing - reading), additional Arabic language.
• Should have the ability to communicate with technicians and non-technicians, each according to the appropriate method of understanding.
• Communicate with the staff of information systems and others with the required information or procedures in a timely manner.
• Should be good using a software package Microsoft Office for texts, tables, reports and presentations.
• Task Management skills including time management, team work, workload distribution, ability to work under great pressure.
• Experience in the preparation and supervision of information security programs, policy frameworks, compliance with information security standards, risk management programs, ISO 27001, trust programs, awareness and training programs, and security standards from the Information and Government Authority.

Role, Duties And Responsibilities

• Define the objectives of protection and objectives consistent with the comprehensive strategic plan for the information systems of the Organization and the Information and the Government Authority.
• Participate in efforts to develop and develop the Disaster Plan and business continuity plan to impose the use of the regulations of the Organization and System Enforce Plan in addition to business continuity monitoring and compliance.
• Prepare, coordinate, manage and execute the document security policy of the Organization's Documents Security Through standards, recommendations and procedures to ensure continuous security maintenance.
• Prepare and maintain an information security policy Information Security Strategy and the Official Procedures Manual.
• Combine information to assess the risks associated with the information of the Organization's Security Threats, and practices to ensure access to protected systems information Secure Data Procedures and the Information Security Plan of the Organization, Information Security Plan Staff, departments and systems.
• Implementation of security technologies to measure plans, products and controls to monitor the effectiveness of information security and improve productivity Measurements & KPIs.
• Prepare, implement and follow a campaign to educate the Organization's employees and law enforcement officers about information security sanctions in all available and modern ways of communication and information to reach all target audiences.
• Prepare and lead the Security Awareness Program at the Organization
• Provide Information Security Awareness Program training for Organization's employees and users of information systems in security matters.
• Propose development ideas that serve the Organization's information security at the lowest cost and highest quality.
• Prepare the periodic reports on the compliance of the staff of each Department of the Organization with the laws, rules and guidelines in the field of information security Staff Obeying Report.
• Prepare, execute and leads a team to respond to information security incidents
• Emergency Information Security team to contain them in their moment, to investigate them, and to prevent future violations of the Organization's information.
• Closely follows the news and information of those involved in information security violations Information Security Local Blacklist and makes sure that it does not reach the Organization's information.
• React quickly to the warnings and demands of the security team of the Hawks of the Government of the Kingdom of Bahrain CERT's (Computer emergency response team) requirements and apply as soon as possible, follow up with the head of the technical support department and director of information systems and the results of follow - ups go.
• Work with engineers, technicians in the technical support department, developers and programmers in the application development department in the field of information security to ensure compliance in their procedures and technical production with the laws and security rules IT Staff Obeying Report.
• Supervise, coordinate and manages ethical piracy and penetration tests of the information infrastructure of the Organization's Red Engineer Vulnerabilities Report - Ethical Hacker.
• Works with external consultants as appropriate for independent security audits Information Security External Consultations.
• An annual report must be submitted to the Chief of the Technical Support Section and the Director of Information Systems on the progress of the Information Security Program in the Organization Annual Information Security Report.
• Without the necessary permission, the employee is not entitled to disclose the employee, nature and place of work, or to report any confidential information, including details of the client, to any other parties, during or after the period of employment.
• The employee should comply with all relevant information security policies in the Government of the Kingdom of Bahrain.