Manager – Information Security

JOB PURPOSE

The Manager – Information Security will be responsible for managing FAB Kuwait’s Information Security, Business Continuity and Data Privacy Program. He/She serves as the process owner of the appropriate second-line functional activities related to confidentiality, integrity, availability of Information assets in addition to Data Privacy and Buiness continuity as well third party risk management and physical security in compliance with regulatory requirements.

• Review and Maintain Information Security, Buisness Contnuity and Data Privacy Policies, Standards, and Procedures for FAB Kuwait.
• Participate in discussions and coordinate activities between local business units, support functions, Compliance Team, IT and GSO – HO for information security and Data Privacy, related planning, implementations and review.
• Ensure compliance as per regulatory requirements (all Information Security / Bsiness Continuity/ Personal Data Protection specific regulations applicabe to FAB Kuwait / Third party risk management / Physical security .).
• Provide regular reporting on the status of information security program, initiatives, security & technology risks and relevant incidents to the executive management.
• Laise with external agencies such as regulatory/adv Manager - Information Securityry/law enforcement bodies, as necessary, to ensure that the FAB Kuwait maintains a strong security posture and is kept well abreast of relevant threats identified by these agencies.
• Review new regulatory legislations; promptly communicate all regulatory notices/circulars to all concerned areas, provide interpretations if necessary; develop/monitor action plans towards its implementation.
• Assist Head office during Regulatory Examinations; ensure implementation/regularization of observations linked to compliance while meeting the deadline(s).
• Review Technology Risk Assessments for IT Projects, RCSA , Third party and Facility Risk assessments.
• Assist and support for Internal and External Audits. Monitor and track all open infosec issues with IT and concerned stakeholders.
  
  Oversee the tracking and closure of Security, BCM & Privacy related Audit findings of FAB Kuwait.
• Govern the security awareness program for FAB Kuwait staff and customers.
• Provide support to FAB CSIRT and Group Data privacy for information security incident response and personal data breach handling.
• Provide SLOD oversight and support the business unit on the implementation of business continuity program in line with local regulatory requirements and Group BCM framework practices and RACI.
• Coordination with Business units/Fraud Risk / GSO for digital forensic investigation.
• Review and assess the regulatory circulars/notices, discuss with GSO-HO and enforce security controls as applicable.
• Assist Group Information Security Office– Head Office team in delivery of information security services to the branch such as vulnerability assessment, penetration testing, SOC monitoring etc.
• Review Management Dashboards/Security MIS related to Patching, VA, PT, Baselines and end point security controls and highlight risks to the branch executive management.
• Assess and Review Change Requests and Security Exceptions for FAB Kuwait.
• Review BRDs, Solution Design, Product Papers from Information Security, Data Privacy and Busines Continuity perspective and any other requirements for FAB Kuwait business units.
• Review and track compliance for Data Privacy and Protection controls.
• Review KPI and KRI for country information security processes.

• Information Security or IT Security or IS Audit background.
• Must be having a minimum 8 years of Information Security Experience.
• Expert knowledge of Information Security Domains and should be certified (CISA, CISSP or CISM or any other relevant security certification).
• Experience in a similar type of role in a multinational business and dealing with regulatory authorities, governments and industry bodies.
• Experience in managing security compliance teams.
• Knowledge of CBK regulatios on Cyber security, Business continuity, & local privacy regulations.
• Ability to comply with Data Privacy Policy / procedures, draft / update local Data Privacy Polcies. Review local Business initiatives and SOPs where required, for compliance with Data Privacy Compliance requirements in co-ordination with H.O. Teams.
• Ability to make good judgments regarding security risk and to prioritize resources and activity around managing those risks.
• Able to conduct the role independently and with integrity.
• Ability to plan, organize and prioritize tasks and projects.
• Good personal communication skills capable of dealing with wide range of stakeholders, including senior management.
• Fluent (spoken and written) in English, Arabic.