Information Security Governance Officer / Sr. Officer

Job Description

1. Conduct the annual review and update of the area’s processes, procedures and policies with the adherence to the developed SLAs. This includes mainly the review of the Information Governance Policy, the Security Governance Policy, the Data Classification Policy and the Information Access Management & Handling Procedures. 2. Design and Develop the Data Classification & Protection program to set a data classification framework that helps classify and protect the bank’s crown jewels and critical information assets. 3. Maintaining the necessary controls to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personal Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data. 4. Maintain the sensitive data inventory and data flows across all departments to ensure increased visibility & control of enterprise data landscape. 5. Ensure the proper handling of the bank’s information according to the developed Information Governance policy through liaising with IT Security Infrastructure for the effective utilization and proper policy setup over the different security tools such as the Data Loss Prevention, Data Classification and the URL Web Filtering tools. 6. Review and configure the information classification and protection tools’ policies to enforce the proper classification of the bank’s documents and files and applying the appropriate rights, documents’ security and security controls accordingly. 7. Monitor and track the violations to the developed information access & handling security policies to ensure the necessary disciplinary actions take place. This includes unjustified access to information, Data Leakage attempts Policy Violations, Improper Handling of information assets, etc. 8. Maintain and develop an Enterprise Mobility Management (EMM) strategy and ensure the appropriate policies are applied on the EMM solution to ensure the adequate protection of information and accessibility over mobile devices. 9. Provide security controls approvals over information & Data related access requests, similar to Removable Media Access, External Email Access, Special Internet Access and EMM Access, to ensure proper business justification is in place and according to the defined process and SLA. 10. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner. 11. Follow the day-to-day operations related to own jobs in the Information Security department to ensure continuity of work.