Head of Information Security
Antal International
Job: Head of Information Security
Location: Amman - Jordan
Industry: Banking
Job Objective: To oversee the administrative and operational activities of the Information Security Department and its staff across the bank and its external branches. This includes ensuring the implementation and maintenance of information controls and protection across all bank systems, reviewing and developing information security policies, and updating the business continuity and disaster recovery plans in accordance with evolving requirements and industry developments.
Responsibilities: Set departmental goals in collaboration with team members, supervise staff performance and attendance, and manage leave schedules to ensure continuous high-quality service delivery. Monitor security procedures and mechanisms, contribute to defining security responsibilities and controls, and liaise with external information security consultants to enhance the bank’s information security posture. Oversee and periodically update the bank’s Information Security Policy, including PCI-DSS, COBIT, and cybersecurity requirements, ensuring data safety, encryption protocols, access controls, and compliance with the bank’s overall strategy. Participate in developing and implementing these policies. Regularly update the cybersecurity program, including risk management, strategies, policies, standards, procedures, guidelines, baselines, and key risk/performance indicators. Manage the implementation of the cybersecurity program, integrate cybersecurity into all banking operations, assess cyber risks, propose mitigation measures, and manage classification of information and systems. Evaluate the adequacy of cybersecurity controls and approve exceptions based on the bank’s risk appetite and regulatory guidance. Measure and enhance cybersecurity program performance, ensure compliance with policies and standards, and report regularly or as needed to the board and relevant committees. Review user access reports to ensure authorized access to the bank’s information, identify violations of access policies, and take corrective action to prevent future breaches. Assess IT infrastructure security by tracking performance indicators and using appropriate tools. Coordinate with various departments and the IT division on exceptional system usage requests to ensure business continuity with proper information oversight. 
Manage cybersecurity incident response and digital forensics, ensuring timely and effective handling in coordination with internal and external stakeholders under the business continuity plan. Manage access rights policies in coordination with information owners and define procedures for implementing these access rights. Review the bank’s strategic plans for all information security systems and propose plans to enhance protection of data and banking applications, whether on-premise or cloud-based. Approve and oversee implementation of the bank’s information security procedures, ensuring alignment with the bank’s strategic plans including emergency and disaster recovery operations, and evaluate these procedures against recognized standards. Serve as the Data Protection Officer (DPO) by reviewing and advising on customer complaints related to personal data processing and documenting recommendations. Collaborate with external information security consultants to enhance the bank’s security posture. Prepare periodic reports on information security status for relevant committees, assess IT activities, and produce reports for the department (Information Security / Business Continuity) reflecting security events. Supervise analysis of control procedures over information systems/cybersecurity programs, periodically assess information risks, recommend new technologies and countermeasures for global threats, and oversee security of new services/projects. Supervise the development of preventive inspection plans across branches, ATMs, and subsidiaries in coordination with the operational risk department to ensure security and public safety. Develop awareness and training programs for bank staff on information security and protection. Review internal and external audit/inspection reports, follow up on relevant findings, and ensure permanent resolutions. 
Act as a core/backup member in business continuity and emergency response teams and perform tasks as required by the plan to ensure recovery of operations promptly during crises.
Skills and Qualifications: Bachelor’s degree in Computer Engineering or a related field. Minimum 10 years of IT experience, including at least 5 years in Information/Cyber Security. Preferred certifications: CISM, ISO 27001, PCIP, or equivalent. Strong planning and organizational skills. Excellent English (spoken and written). Strong analytical skills. Proficient in computer systems and applications. Ability to lead and motivate teams. Thorough knowledge of internal and external policies/procedures. Strong communication and interpersonal skills. Full knowledge of PCI, COBIT, ISO 22301, and regulatory cybersecurity requirements. Ability to work under pressure.