MANAGER - CYBER SECURITY

The Cyber Security Manager is responsible to safeguard the groups critical information, systems, and infrastructure against cyber threats and attacks. This involves developing and maintaining a comprehensive cyber security program that aligns with the group's strategic objectives, industry regulations, and best practices. The Cyber Security Manager provides strategic leadership in managing cyber security risks, ensuring the confidentiality, integrity, and availability of sensitive data and operational systems.

The role fosters a strong cyber security culture, drive incident response and recovery planning, and collaborate with cross-functional teams to integrate security practices across the organization. Ultimately, the Cyber Security Manager plays a crucial role in protecting the aviation group's critical assets, maintaining operational resilience, and upholding the organization's reputation.

1. Risk Assessment and Management
   • Conducting thorough risk assessments to identify potential cyber threats and vulnerabilities within the aviation group's systems, networks, and infrastructure.
   • Developing and implementing comprehensive risk management strategies to mitigate identified risks, prioritizing the most critical areas.
   • Continuously monitoring the threat landscape and updating risk management plans accordingly.
2. Security Governance and Policy Development
   • Establishing and maintaining robust cyber security policies, standards, and procedures tailored to the aviation group's specific needs.
   • Ensuring compliance with relevant industry regulations, such as the Aviation Cyber Security Regulation (AVCSR) and the General Data Protection Regulation (GDPR).
   • Defining clear roles, responsibilities, and accountability for cyber security within the organization.
3. Security Architecture and Implementation
   • Designing and overseeing the implementation of secure and resilient information systems, networks, and operational technology (OT) components.
   • Integrating security controls, such as firewalls, intrusion detection/prevention systems, and access management solutions, to protect against cyber threats.
   • Ensuring the proper configuration and maintenance of these security systems.
4. Incident Response and Recovery Planning
   • Developing and regularly testing incident response and business continuity plans to ensure the organization's ability to effectively respond to and recover from cyber incidents.
   • Coordinating with relevant stakeholders, including IT teams, operational personnel, and external agencies, to manage cyber incidents.
   • Implementing lessons learned from incidents to improve the organization's cyber security posture.
   • Develop a comprehensive incident response plan that outlines the procedures and actions to be taken in the event of a cyber security incident or data breach.
   • Clearly define the incident response team, their roles and responsibilities, and the communication protocols to be followed during an incident.
   • Establish incident classification and escalation criteria to ensure timely and appropriate response based on the severity and impact of the incident.
   • Implement robust incident detection, analysis, and containment mechanisms to quickly identify, investigate, and mitigate the impact of cyber threats.
   • Ensure the incident response plan is regularly tested and updated to address evolving threats and lessons learned from previous incidents.
5. Security Awareness and Training
   • Providing ongoing cyber security awareness training for all employees, from senior leadership to operational staff.
   • Fostering a strong cyber security culture within the aviation group, emphasizing the role of every individual in maintaining a secure environment.
   • Collaborating with human resources and training departments to ensure effective security awareness campaigns and programs.
   • Conduct periodic cyber security incident response and recovery exercises to test the aviation group's preparedness and response capabilities.
   • Involve cross-functional teams, including IT, operations, legal, and public relations, to simulate realistic cyber attack scenarios and assess the organization's ability to coordinate and respond effectively.
   • Incorporate lessons learned from these exercises into the continuous improvement of the incident response and recovery plans.
   • Collaborate with industry peers, regulatory bodies, and other stakeholders to participate in joint cyber security exercises and share best practices.
6. Vendor and Third-Party Risk Management
   • Evaluating and managing the cyber security risks associated with third-party vendors, suppliers, and service providers.
   • Implementing robust vendor due diligence processes and contractual requirements to ensure the security of the aviation group's supply chain.
   • Monitoring and assessing the cyber security posture of third-party partners on an ongoing basis.

Bachelor's degree in Cyber Security, Information Security, or a related field.

If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application you would need the following document(s):

In the next step, you will have the opportunity to enter our employment application process. This application process consists of multiple steps designed to collect information about your skills and interests, which will then be matched against the job requirements.

Your decision to enter the application process by supplying your personal information indicates you understand and AGREE with the following:

• I. The information I am submitting is complete and accurate. I am FULLY aware that providing false information during any of the steps of the application process will lead to the rejection of my application or termination of my employment, AND
• II. I am FULLY aware that further verification may be needed from my side. I will submit original documents that verify my employment history and educational qualifications upon request, AND.
• III. By providing my personal data, I consent to Gulf Air B.S.C. (C) based in Manama, Kingdom of Bahrain (referred to as Company) and/or any of its subsidiaries or affiliates to use my information for the purpose of administrating and assessing future announcement of available jobs within the Company as set out in the Recruitment Privacy Notice, AND
• IV. If appropriate, I am aware that the data I am authorizing may include information about physical, medical and mental health or any criminal proceedings will be used for assessment to the suitability of employment and monitoring of the Company and its subsidiaries compliance with equal opportunities legislation.

The Company may make such information available to any Gulf Air Group Companies, and third parties who provide relevant products or services to the Company (such as recruitment consultants, data processors, website hosting service providers, advisers and outsourcing service providers).

I consent to the transfer of such information to any company within the Company and such third parties throughout the world as set out in the Recruitment Privacy Notice to further my employment application.

Apart from such third parties, the Company will not trade, sell or share my personal data to any other third party, without my written consent, unless required by law.