Security Consultant - 12 Month Contract - Bahrain - £Neg.
An information security consultant/architect is required to work on a Retail project. You will project manage all Information Security related tasks, including defining the security technical and functional requirements, designing the security architecture and systems integration, and ensuring that all security aspects are considered during all phases of the project and aligned to the master project plan and timeline.
Key roles and responsibilities:
- You will ensure all systems and IT/Business requirements comply with the security requirements driven by the Security policy and governance.
- Ensure all applications meet the Minimum Security Baselines/standards. Also, ensure that PCI standards are followed during the project phases.
- Implement the required security access controls and parameters on various applications.
- Coordinate with the respective teams to ensure PCI certification is acquired prior to Go-Live.
- Ensure the Information Security test cases are well defined and conducted during the testing cycle, and raise the defects to IT for fixing.
- Coordinate with all related IT/InfoSec units to implement the Security applications and solutions dedicated to this project, and conduct the required sanity checks to ensure all are in place (e.g. code review automation, WAF, SIEM, ATM Security).
- Implement the security roles and profiles across applications based on the business requirements, ensure the security principles are enforced (“least privilege”, “need-to-know” and “segregation of duties”), and conduct a periodic recertification of such roles.
- Acquire the required signoff from all stakeholders on all defined users and roles prior to Go-Live.
- Coordinate External Penetration Testing and Security Assessment, and follow up on compliance with the recommendations for the major applications.
- Active Directory review and clean-up. This includes:
  - The clean-up of Local Admin accounts on all workstations, and justifying the valid ones.
  - Non-standard policy is provided to most of the users due to misconfiguration during the migration from the BAH to the GIB domain.
  - Reviewing the AD security groups assigned to users (e.g. Social Media Groups) and justifying the access.
  - Full review of the Privileged/Admin accounts in the domain, and justifying the requests.
  - Any users who have not logged in for 3 months should be disabled. Also, resigned staff should be immediately disabled.
  - Overall review of users per department (based on the RBAC principle), and submitting the required review to the business heads for signoff.
This role is to be based in Bahrain and requires onsite work. You will be employed by a UK company and paid in pounds sterling, for tax purposes.
For immediate consideration, please contact Peter Sanders.