Home Jobs in Bahrain Head Internal Audit Jobs in Bahrain Head Internal Audit

Head of Information Security and Internal Audit

Payment International Enterprise

Posted on March 7, 2019

10 - 16 years Bahrain - Bahrain

Any Graduation. Any Nationality

Best in the Industry

Easy Apply

Opening 01

Job Description

Email sent successfully.

Position Summary:

The Head of Information Security has overall responsibility for the Information Security and Internal Audit function. Has to oversee the Information Security and Internal Audit posture of the organization. The position ensures the Board of Directors, management and employees are in compliance with the rules and regulations of regulatory agencies, that company policies and procedures are being followed, and that behavior in the organization meets the company's Standards of Conduct.

General Purpose

The Information Security and Internal Audit Officer acts as staff to the CEO and Board of Directors, Information Security Committee by monitoring and reporting results of the security/ethics efforts of the company and in providing guidance for the Board and senior management team on matters relating to security risk. Works to ensure roles, responsibilities, and results are efficiently coordinated and collectively optimizing the effectiveness of risk management, control, and governance of the company.

• Develops, initiates, maintain, and revises policies and procedures for the general operation of the Security Program and its related activities to prevent illegal, unethical, or improper conduct. Manages day-to-day operation of the Program.
• Develops and periodically reviews and updates Security Standards of Conduct to ensure continuing currency and relevance in providing guidance to management and employees.
• Collaborates with other departments (e.g., Risk Management, Internal Audit, Employee Services, etc.) to direct security issues to appropriate existing channels for investigation and resolution. Consults with the corporate attorney as needed to resolve difficult legal security issues.
• Responds to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by evaluating or recommending the initiation of investigative procedures. Develops and oversees a system for uniform handling of such violations. Develops and maintains as ongoing Incident Management Program.
• Develops or implements open-source/third-party tools to assist in detection, prevention, and analysis of security threats. Implements proactive protection
• Acts as an independent review and evaluation body to ensure that security Issues/concerns within the organization are being appropriately evaluated, investigated and resolved.
• Monitors, and as necessary, coordinates security activities of other departments to remain abreast of the status of all compliance activities and to identify trends.
• Identifies potential areas of security vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues and provides general guidance on how to avoid or deal with similar situations in the future. Ensures through review of existing security controls at Operations, IT, Sales and Finance Department.
• Provides reports on a regular basis, and as directed or requested, to keep the Information Security Committee of the Board and senior management informed of the operation and progress of compliance efforts.
• Proactively plans and monitors the infrastructure for threats and cyber security breaches. Ensures legal coverage with third parties that are connected to the infrastructure to provide or avail services.
• Maintain critical infrastructure and determine mitigation strategies in line with the business by determining the vulnerabilities and associated risks. Should be able to maintain the configurations of infrastructure using repositories like Chef
• Ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.
• Establishes and provides direction and management of the security Hotline.
• Skills for forensic investigation is a nice to have or develops a program to carry out forensic analysis post a breach has been identified.
• The Code analysis is a nice to have or can develop a program of secure coding and implementation of systems using standards or tools.
• Is highly involved in the change request program and activity addresses the PMO and Operations teams with the daily needs. Security of data at rest and motion should always be addressed as early as project initiation.
• Security posture at cloud providers like Amazon is a must-have skill along with knowledge PCI DSS
• Institutes and maintains an effective security communication program for the organization, including promoting (a) use of the security Hotline; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related policies and procedures.
• Works with the Human Resources Department and others as appropriate to develop an effective Information Security training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers.
• Monitors the performance of the Information Security Program and relates activities on a continuing basis, taking appropriate steps to improve its effectiveness.
• Lead and execute Internal Audits change initiative by implementing action plans related to risk assessment and annual planning, audit execution, audit reporting, staff recruiting and development, audit technology, and Audit Committee reporting.
• Lead and execute Internal Audits annual risk assessment and enterprise risk assessment and planning process to develop the audit plan and ensure the plan is responsive to and aligned with the risk profile of the organization.
• Design and implement a framework for Internal Audit, Risk Management and Compliance for the Company.
• Design and perform the annual audit plan and risk management for the business.
• Evaluate the efficiency of the risk management that is currently in place and work with senior operational stakeholders in designing and implementing best practice.
• Identify the best business process and recommend new and innovative ways to create efficiency and best practice across the group to identify cost savings and revenue maximization.
• Act as an independent and objective advisor to ensure validity, legality and strategic goals.
• Oversee the execution of individual audits defined in the audit plan ensuring the highest level of service quality and client satisfaction.

Banking / Financial Services / Broking

Desired Candidate Profile

Knowledge and Skills:

• 10 years of IT or Information security experience along with hands-on configurations management when it comes to securing infrastructure.
• Planning and Time Management
• Effective Communication and Human Relations skills
• Critical Thinking and Analysis
• Tenacity and Ethics
• Technology Proficient (excel, word, PowerPoint, Visio, ability to learn new software)

Experience and Education:
• Certified Internal Audit (CIA) or Certified Public Accountant (CPA) or Chartered Accountant (CA) required with a Certified Information Security Auditor (CISA) qualification/ Certified Information Security Manager (CISM).
• An ideal candidate must possess a combination of the following certificates:
1. Certified Information Security Professional (CISSP)
2. Certified Information Systems Auditor CISA
3. Certified Ethical Hacker CEH
4. Certified Information Security Manager CISM
5. Security in the cloud
6. ISSAPA certified professional
• Experience across internal audit (financial and operational), compliance and risk management will be an added advantage.


Information Security It Security IT Audit Cisa Cissp PCI DSS cism Information Security Management Manager Information Security

Login To ApplyRegister & ApplyApply Without Registration


Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information.We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com

Payment International Enterprise

Payment International Enterprise

Additional Information Required

Employer has requested some additional information along with your application for this job

Login to Naukrigulf

Continue using

All your activity will remain private