Information Security and Data Protection Specialist
Job purpose
- Overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
- Responsible for the organization’s data privacy and protection function to ensure compliance with various regulations and best practices.
2. Primary Duties Performed
- Develop and maintain the cybersecurity Risk Management Framework of the organization for addressing the overall approach for handling cybersecurity risks and managing them in a methodological manner.
- Evaluate employees’ information security awareness and provide the necessary training whenever is needed.
- Conduct frequent reviews on Vulnerability Assessment and Penetration Testing (VAPT) and manage vulnerabilities.
- Define the necessary controls to ensure all regulatory requirements related to cybersecurity are met, designed effectively with clear documentation.
- Identify the critical assets of the organization and ensure implementation of risk identification and management strategies for these critical assets.
- To assess technology projects to ensure that cybersecurity is adequately addressed.
- Responsible to identifying and managing cybersecurity risk for all third-party technology engagements and all cloud computing engagements.
- Evaluates and recommends cybersecurity technologies and solutions.
- Review cybersecurity & Risk Management manual and recommend necessary updates.
- Act as Data Protection Officer to identify and evaluate the Company’s data processing activities.
- Monitor data management procedures and compliance within the Company.
- Assess Company compliance with Data Protection Private Law.
- Provide advice and arrange training to employees on Data Protection.
- Review and recommend updates on Data Protection Manual.
- Serve as the point of contact between the company and the data protection authorities.
- Performs other related duties assigned by the department head.
3. Secondary Duties Performed
- Assist in implementing risk management framework, policies and programs covering business, financial, operational, technological, and regulatory risks.
- Assist in the development and management of controls and business contingency plans.
- Maintain and update organizational risk register.
- Oversee the regular validation and testing of the Company Business Continuity Plan.
- Review Risk Management manual and recommend necessary updates.
4. Work & Business Contacts
Internal
- Management team and staff.
External
- Regulatory Bodies: Central Bank of Bahrain and Personal Data Protection Authority.
- Law Firms and Legal Advisors.
- Internal and External Auditors.
- VAPT vendors.
Division / Department: Risk Management
Incumbent Reports to: Manager – Risk & Project Management