Information Security and Data Protection Specialist

1. Job Purpose

  • Overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
  • Responsible for the organization’s data privacy and protection function to ensure compliance with various regulations and best practices.

2. Primary Duties Performed

  • Develop and maintain the cybersecurity Risk Management Framework of the organization for addressing the overall approach for handling cybersecurity risks and managing them in a methodological manner.
  • Evaluate employees’ information security awareness and provide the necessary training whenever needed.
  • Conduct frequent reviews of Vulnerability Assessment and Penetration Testing (VAPT) and manage vulnerabilities.
  • Define the necessary controls to ensure that all regulatory requirements related to cybersecurity are met, and that the controls are designed effectively and clearly documented.
  • Identify the critical assets of the organization and ensure implementation of risk identification and management strategies for these critical assets.
  • Assess technology projects to ensure that cybersecurity is adequately addressed.
  • Identify and manage cybersecurity risk for all third-party technology engagements and all cloud computing engagements.
  • Evaluate and recommend cybersecurity technologies and solutions.
  • Review the cybersecurity & Risk Management manual and recommend necessary updates.
  • Act as Data Protection Officer to identify and evaluate the Company’s data processing activities.
  • Monitor data management procedures and compliance within the Company.
  • Assess Company compliance with Data Protection Private Law.
  • Provide advice and arrange training to employees on Data Protection.
  • Review and recommend updates to the Data Protection Manual.
  • Serve as the point of contact between the company and the data protection authorities.
  • Perform other related duties assigned by the department head.

3. Secondary Duties Performed

  • Assist in implementing the risk management framework, policies and programs covering business, financial, operational, technological, and regulatory risks.
  • Assist in the development and management of controls and business contingency plans.
  • Maintain and update the organizational risk register.
  • Oversee the regular validation and testing of the Company Business Continuity Plan.
  • Review the Risk Management manual and recommend necessary updates.

4. Work & Business Contacts

Internal

  • Management team and staff.

External

  • Regulatory Bodies: Central Bank of Bahrain and Personal Data Protection Authority.
  • Law Firms and Legal Advisors.
  • Internal and External Auditors.
  • VAPT vendors.

Division / Department: Risk Management

Incumbent Reports to: Manager – Risk & Project Management