Information and Physical Security Specialist

JOB PURPOSE

• To manage the development, implementation and continuous reviews and monitoring of physical and information security governance in line with business, regulatory and legal requirements to ensure the organisation’s assets are secured

ACCOUNTABILITIES

Physical Security Governance

• Develop physical security policy, standards, and procedures and design, and evaluate protection systems and devices to ensure that sensitive information, equipment, and other material are not compromised

• Oversee the physical security requirements during regulatory audits to ensure all documentation and reports are completed as required

• Act as focal point for physical security investigations involving Information and Physical Security Assurance Department to prepare reports, recommend course of action and follow up on actions

Information Security Governance

• Support strategic security planning to achieve business goals by prioritizing security initiatives and coordinating the evaluation, deployment, and management of current and future security technologies in order to enable the bank to deliver on its priorities in an effective manner

• Promote strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations in order to provide adequate security

• Identify protection goals, objectives and metrics consistent with corporate strategic plan and integrate security into various life cycle process

Information and Physical Security Awareness

• Develop and roll out Information and Physical Security Awareness campaigns for staff and customers based on needs assessments and current threat landscape to protect ADCB information assets

Asset Inventory and Data Classification

• Assist with the establishment and refinement of procedures and processes for the identification of organizational information assets as well as the classification of these assets with respect to criticality and sensitivity and maintain a register of data owners in order to enable the proper classification, recording and updating of organizational information assets

Compliance Reviews

• Oversee the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations

Identity Review and Approvals

• Manage formal information access requests according to the approved procedures and develop and embed a process for implementing Role Based Access to standardize logical access based on business requirements

Policies, Processes, Systems and Procedures

• Adhere to all relevant organizational and departmental policies, processes, standard operating procedures and instructions so that work is carried out to the required standard and in a consistent manner while delivering the required standard of service to customers and stakeholders

Self-Management

• Manage self in line with the bank’s people management policies, procedures, processes and practices to ensure adherence and to maximize own contribution to business performance

Customer Service

• Demonstrate Our Promise and apply the ADCB Service Standards to deliver the bank’s required levels of service in all internal and external customer interactions

EXPERIENCE, QUALIFICATIONS & COMPETENCIES

Minimum Experience

• At least 8 years of experience in a banking industry or similar environment, e.g. a demanding service industry where employees are able to work under pressure

Minimum Qualifications

• Bachelor’s Degree in Computer Science or equivalent, e.g. diploma (mandatory)

Professional Qualifications

• Professional Certifications such as CISSP, CISA, CISM

Knowledge and Skills

• Knowledge in physical and information security, specifically in compliance assessment, policy development and industry standard frameworks

• Ability to read, understand, and evaluate site/facility engineering drawings for potential security deficiencies and to recommend security systems for new facilities

• Understanding of security concepts; access control, physical security, operational security, and management controls and comprehensive understanding of the facility's security system

• Knowledge of operating systems and databases

• Awareness of application security requirements and techniques

• Knowledge and ability to apply compliance management techniques to security policy enforcement

• Experience in developing security policies, guidelines and standards