Manager - Information Security & Business Intelligence

• Lead the design and implementation of a new cyber security risk framework to be implemented across different Bupa Arabia Divisions and Departments.
• Build departmental relationships and establish credibility by demonstrating knowledge of various aspects of cyber security, identifying gaps and remediation roadmap.
• Offer security guidance and remediation strategies for Bupa Arabia and its stakeholders.
• Approve and conduct assurance reviews and scanning of current applications and of the infrastructure provided by internal hosting and network service provider.
• Have a strong technical proficiency of security-specific technology solutions specific to the Identity & Access Management domain (e.g., Directory Services, Entitlement Management, Federation/SSO, Attestation/Certification, Provisioning & Automation, Role Based Access, and Privilege Access Management).
• Support Bupa Arabia Divisions and Departments in the development of Security Policies governing IT practices and identify ownership.
• Establish workflow mechanism to manage, log, alert, forensic handling, phishing, information leakage and regression analysis of all security incidents.
• Utilize profound knowledge of attack methodologies, vectors, techniques, protocols and counter measure, experience in managing information security incidents.
• Assess information risk and remediate identified vulnerabilities with network, systems, and applications.
• Report on findings and recommendations for corrective action.
• Perform vulnerability assessments as assigned utilizing IT security tools and methodologies.
• Perform assessments of the IT security/risk posture within the IT network, systems, and software applications, in addition to assessments within the Vendor Management Program.
• Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios. Facilitate and monitor performance of risk remediation tasks. Maintain oversight of TSBT and vendors regarding the security maintenance of their systems and applications.
• Address questions from internal and external audits and examinations. As deemed necessary, assist in all IT audits, IT risk assessments and regulatory compliance.
• Facilitate IT security/risk training curriculum. Serve as project manager/lead within IT security projects.
• Promote awareness of applicable regulatory standards, upstream risks, and industry best practices.
• Ensure regular, predictable, and timely attendance at work to meet department workload demands.
• Lead and review the architecture, design, and development of the next generation Business Intelligence (BI) and Data warehouse environment.
• Work with business stakeholders to gather, analyze, and translate reporting requirements in the BI reporting domain and Key Risk Indicators, recommend and create requirements for TSBT for development.
• Manage the business support of the production BI applications, throughout defining change requests for new requirements, system modifications, and system maintenance cycles with agreed SLA’s with TSBT.
• Work with TSBT to plan and maintain the technical infrastructure performance and storage requirements, considering active data and data at rest with the archiving options.
• Display profound understanding and expertise in multiple ETL development tools and how to leverage for effective Data Warehouse implementation and management.
• Deploy knowledge of OLTP and OLAP architectures, methods, and processes as it will influence the input and output design.
• Show the value added by offering "data-as-a-service" to the end users, providing self-service reporting solutions, and provide all training materials, as well as leading data governance initiatives, different cubes, and data marts for different departments.
• Support data analytics strategies across the Risk Division.
• Develop and provide new risk-related business intelligence solutions, capitalizing on a comprehensive Key Risk Indicators’ library (in line with best practices and regulatory requirements).
• Use analytical skills to monitor plan Key Risk Indicators and communicate to corresponding risks owners for mitigation strategies planning.
• Oversee ad-hoc and operational reports; perform quality assurance functions as they relate to reporting and data validation.
• Review test plans and monitors testing process to ensure that business results are tested, provide support to test teams and resolve issues based on test results.
• Research tools, frameworks and mechanisms for risk relating data analytics. Interface with vendors to keep abreast of new technologies, pricing, and customer applicability.
• Provide guidance, training, and problem-solving assistance to other Risk Division members. Coach less-experienced individuals.
• To report all information risk incidents, or suspicious activity as soon as possible to line management or appropriate authority in accordance with local incident reporting procedures.
• To assess incidents for their threat to information assets, investigate where threat is assessed as significant.
• Ensure that the capabilities to monitor, detect, contain, respond, and investigate to information risk incidents are implemented for business processes or systems that routinely handle sensitive information.
• Make sure that information risk incident management procedures, including escalation procedures, are documented, and tested annually.
• Report all losses that result from information incidents to the Chief Risk Officer.
• Be responsible for the coordination, preparation, posting and publishing of the Security Governance framework, policy, and procedure materials (policies, papers, training materials) on Bupa Arabia intranet.
• Be responsible for the coordination, preparation, posting and publishing of the Enterprise Data Governance framework, policy, and procedure materials (policies, papers, training materials) on Bupa Arabia intranet.
• Carry-out an ongoing routine to revisit the security and enterprise data policies and continue updating the content leveraging best practices.
• Develop communications and awareness materials relating to the Governance Framework and Policies, key roles, and responsibilities.
• Provide advice and support to other functions on the development and documentation of frameworks, policies, and procedures in a consistent manner across the organization.
• Collaborate with different Divisions and Departments, for cross domain data initiatives and analytics.
• Work with multiple stakeholders to ensure applications are properly tracked to enable analytics. 
• Actively question other Divisions, Departments, and stakeholders to understand their requirements and reach the best solutions.

• Comprehensive ISO 27001, PCI-DSS, NIST and Cyber Essentials knowledge
• Working experience with information security or Internal Audit with information security department of identifying risks assessing risks, priorities and provide adequate solutions
• Excellent influencing, communication and negotiating skills
• Excellent stakeholder management skills
• Working under pressure, meeting deadlines, problem solving
• Strong English written and spoken essential
• Experience of developing, implementing, and maintaining security frameworks, policies and procedures essential

Computer Science, Computer Engineering or any relevant major