The Head of Information Security is responsible for the following key areas:
A. IT Security Governance, Risk and Compliance
- Defines the Information Security Strategic Plan, which addresses security gaps to enable MBAL to build up its capabilities using the “Protect, Detect, Respond and Recover” principles.
- Defines the IT Security framework and associated IT Security Policies and Procedures (P&P).
- Oversees the overall IT Security of MBAL and ensures proper implementation, monitoring and execution of approved security initiatives and P&P.
- Ensures IT Operational Risks are managed and/or mitigated and that all existing IT security infrastructure keeps abreast of the latest technology and industry standards.
- Cascades proper security awareness training and programs across MBAL organizations.
- Ensures that MBAL and its employees comply with existing IT security laws and regulations imposed by the government.
- Submits a report to the MBAL Executive Committee (Ex-Co), at least annually and when requested, on the level of implementation of security initiatives within the organization.
B. Information Classification and Handling, Identity and Access Management (IAM)
- Identifies and implements IT Security measures to support the information classification process and handling rules as approved by Ex-Co.
- Defines the IAM processes and procedures in accordance with MBAL guideline requirements, also involving the necessary competent local functions.
C. IT Security
- Ensures that IT disaster recovery plans and the business continuity plan are in place and tested.
- Participates in the review of investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
- Enforces implementation of IT Security Policies within the organization, based on industry-standard (ISO 27001) best practices and compliance requirements.
D. Cyber Security
- Ensures that appropriate systems are in place to detect potential threats and security incidents.
- Implements the security incident management model and process.
- Governs and manages the cyber security incident response process, cooperating within MBAL-IT and with local control functions, from detection until system restore and incident closure.
- Keeps MBAL Senior Management and Control Functions informed of cyber security incidents in a timely manner.