IT Security Officer
Arab Monetary Fund is a Regional Arab Organisation, Founded in 1976, and has started operations in 1977. Member Countries (22) are: Jordan, United Arab Emirates, Bahrain, Tunisia, Algeria, Djibouti, Saudi Arabia, Sudan, Syria, Somalia, Iraq, Oman, Palestine, Qatar, Kuwait, Lebanon, Libya, Egypt, Morocco, Mauritania, Yemen, Comoros.
The fund aims at contributing to the achievement of the following objectives:
1.Correcting disequilibria in the balance of payments of member States.
2.Striving for the removal of restrictions on current payments between member States.
3.Establishing policies and modes of Arab monetary co-operation.
4.Rendering advice, whenever called upon to do so, with regard to policies related to the investment of the financial resources of member States in foreign markets.
5.Promoting the development of Arab financial markets.
6.Paving the way towards the creation of a unified Arab currency.
7.Promote trade among member States.
The IT Security Officer function is viewed to be one of the key functions supporting the design, implementation and monitoring of the information security structure at the Arab Monetary Fund. In this capacity, the Security Officer reports directly to the Chief, IT Division within the Finance and IT Department at the Arab Monetary Fund. It further supports AMF’s IT strategic direction by proactively considering security threats and initiatives. To this end, the role requires an enthusiastic and passionate professional with a keen interest and ability to keep abreast of developments in information and communications technology.
- Maintaining a solid in depth understanding of the security issues and vulnerabilities facing the components of the IT environment at the Arab Monetary Fund.
- Keeping well informed about the threats facing ICT in general and in what relates to the preventive measures and tools recommended to address AMF environment in particular.
- Providing support to the IT Division in formulating and implementing security programs. This includes proposing policies and providing configuration management for security-relevant information system software, hardware, and firmware.
- Providing technical security guidance with value added, based on relevant industry standards and organizational policies.
- Developing the Body of Evidence to support the assessment and authorization of information systems
- Using vulnerability assessment tools to develop and interpret risk assessment reports.
- Identifying the security categorization of information systems and documenting relevant security controls.
- Performing regular system inspections, tests, periodic system audits, conducts media reviews and comprehensive investigations of computer security incidents.
- Coordinating with other organizations and vendors for expertise as needed.
- Ability to follow analytical approach when hunting for IT security holes
- Ability to assess possible vulnerabilities and to fill the gaps
- Perform assessments to vulnerabilities and execute penetration tests
- Ability to demonstrate and forensically exhibit how IT networks are attacked.
- Readiness and ability to train and educate users at various levels on the importance of cyber security and means of protection.
- Ability to anticipate and expect potential cyber-attacks and to take advance measures to increase security arrangements and precautions to nullify such attacks.
- Ability to work within a team in a demanding environment.
- Must be able to articulate risk mitigations and answer technical security enquiries in a professional manner.
- Understanding of system vulnerabilities and exploitation
- Understanding of vulnerability mitigation.
- DOD 8570 compliance (CISSP, Security +, etc.)
- Enhanced knowledge in Risk Management and mitigation
- Knowledgeable in cyber threats and attacks
- Solid awareness of best practices, security standards and governing controls
- Skillful in analyzing technical problems from various perspectives.
- Proven skills in diagnosing and troubleshooting security related problems
- Understand architecture, administration, and management of various operating systems and IT networks
- Knowledge in configuring network devices especially routers, switches, firewalls and other traffic filters as per industry standards and promoted guidelines
- Appropriate skills in managing and reporting security incidents
- Must have strong analytical skills that enable understanding computer systems, identifying potential weaknesses, and designing and implementing possible solutions.
- Skills in Network and Systems monitoring and Administration
- Proven skills and experience in ethical hacking of systems and networks
- Bachelor Degree in Information Technology, Computer Science, MIS or other related business specialization from a reputed university is a must.
- Certifications in CISSP, CAP, Security+, or related is a plus
- Must have at least 10 years of working experience in relevant IT security position, with a good portfolio of relevant professional and technical skills.
- 5+ years of experience hardening operating systems (Linux, Windows).
- 5+ years of experience with vulnerability and compliance scanning tools
- Must have exceptional writing capabilities on technical and process security controls.
Excellent communication skills in Arabic and English.