IT Security Officer

Job Title: IT Security Officer

Department: Information Technology
Reports To: Head of IT
Location: Bahrain
Employment Type: Full-time

Job Purpose:

The IT Security Officer is responsible for protecting the organization’s computer systems, networks, and data from security breaches, cyber threats, and unauthorized access. This role ensures the confidentiality, integrity, and availability of information assets through policy enforcement, risk assessment, and implementation of security controls.

Key Responsibilities:

1. Security Governance & Compliance

• Develop, implement, and maintain IT security policies, standards, and procedures.
• Ensure compliance with regulatory requirements (e.g., ISO 27001, NIST, GDPR, PCI-DSS, etc.).
• Conduct periodic reviews and audits to ensure adherence to security frameworks.

2. Risk Management

• Identify and assess security risks, threats, and vulnerabilities across systems and networks.
• Conduct regular penetration tests, vulnerability scans, and risk assessments.
• Develop and maintain a risk register and mitigation plan.

3. Incident Response & Investigation

• Lead the response to security incidents and breaches.
• Perform root cause analysis and prepare incident reports.
• Coordinate with internal teams and external partners to contain and remediate incidents.

4. Security Infrastructure Management

• Manage and monitor firewalls, antivirus systems, IDS/IPS, SIEM, and endpoint protection tools.
• Oversee access control and identity management systems.
• Ensure timely patching and system updates to reduce vulnerabilities.

5. Awareness & Training

• Conduct cybersecurity awareness sessions for staff.
• Develop and distribute security best practices and training materials.

6. Continuous Improvement

• Stay updated on emerging cyber threats and industry trends.
• Recommend and implement improvements to the organization’s security posture.

Qualifications & Requirements:

Education:

• Bachelor’s degree in Computer Science, Information Security, or related field.
• Master’s degree (preferred).

Certifications (preferred):

• CISSP, CISM, CEH, CompTIA Security+, or ISO 27001 Lead Implementer.

Experience:

• 3–7 years of experience in IT security, network administration, or systems management.
• Hands-on experience with security tools (firewalls, SIEM, endpoint protection, etc.).

Skills:

• Strong knowledge of network and system security principles.
• Incident detection, response, and forensics.
• Excellent analytical and problem-solving skills.
• Strong communication and reporting abilities.

Key Performance Indicators (KPIs):

• Reduction in number of security incidents and vulnerabilities.
• Compliance audit results.
• Employee cybersecurity awareness levels.
• Response and resolution time for incidents.

Job Types: Full-time, Contract
Contract length: 12 months

Pay: BD700.000 - BD1,500.000 per month