10 Information Security jobs in Oman

About Muscat Finance SAOG:

Muscat Finance SAOG is a leading technology driven finance company in Oman, committed to providing innovative financial solutions and excellent customer service. We are dedicated to maintaining the highest standards of integrity, transparency, and security in all our operations.

Role Overview:

We are seeking a highly skilled Information Security Officer to join our team. The successful candidate will be responsible for developing and implementing information security policies and procedures to protect the company's information assets. This includes conducting risk assessments, ensuring compliance with regulatory requirements, and responding to security incidents.

Key Responsibilities:

• Develop, implement, and maintain comprehensive information security policies, standards, and procedures in line with industry best practices (e.g., ISO 27001, NIST) and local regulatory requirements.
• Oversee regular risk assessments, vulnerability assessments , and penetration tests to identify and mitigate potential security threats.
• Monitor security systems and tools for security incidents, anomalies, and breaches, and respond effectively to security incidents.
• Lead incident response efforts, including investigation and post-incident analysis.
• Implement and manage security awareness training programs for all employees to foster a security-conscious culture.
• Evaluate, recommend, and implement new security technologies and solutions to enhance the organization's information security posture.
• Collaborate with IT, operations, and other departments to integrate security into all aspects of business operations.
• Prepare regular reports on the status of information security to Board of Directors and Senior management.
• Manage and oversee third-party security assessments and audits.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree is a plus.
• Minimum of 5 years of progressive experience in technology, with at least 2 years in Information Security role, preferably within the financial services industry.
• Relevant professional certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly preferred.
• Strong understanding of information security frameworks and standards (e.g., ISO 27001, NIST, COBIT).
• Proven experience in conducting risk assessments, vulnerability management, and incident response.
• Familiarity with network security, application security, cloud security, and data protection principles.
• Excellent knowledge of security technologies and tools (e.g., firewalls, SIEM, EDR, DLP).
• Solid understanding of regulatory requirements related to information security in the financial sector.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
• Ability to work independently and as part of a team in a fast-paced environment.

contact email address:

Summary of Role

Responsible for supporting the Information Security Office (ISO) in the implementation and oversight of the Bank’s Governance, Risk, and Compliance (GRC) activities, while assisting in security monitoring and operational tasks related to cybersecurity. The role ensures ongoing alignment with regulatory frameworks, international standards (e.g., ISO 27001, PCI DSS), and the Bank’s internal security policies and procedures.

Key Objectives

Governance, Risk, and Compliance (GRC)

• Monitor implementation of the Information Security Framework in accordance with ISO 27001 and other relevant standards.

• Ensure regular risk assessment is carried out against all third party, outsourced, cloud services and controls are properly applied.

• Assist in preparing, monitoring and submitting MIS reports and key risk indicators (KRIs) related to Information Security.

• Coordinate with internal stakeholders to ensure all change requests are reviewed in accordance with Information Security guidelines.

• Maintain and update records of information security-related policies, procedures, and documentation.

• Ensure completion of all security health checks of ISO tools.

Operational Support

• Oversee access control lists and ensure proper user permissions are in place.

• Ensure Business Continuity (BCM) tools and Information Security solutions are functional at the Disaster Recovery (DR) site.

• Review contracts, annual maintenance agreements, and renewal schedules for security tools and systems.

• Support the audit process by coordinating responses and action plans for Information Security-related findings.

• Participate in security incident investigations and assist in root cause analysis and response documentation.

Awareness & Training

• Organize Information Security awareness programs across the Bank.

• Provide training materials and knowledge-sharing sessions for staff to build security awareness.

• Ensure Training and awareness related to Information security is planned, developed, and delivered to users.

Compliance Monitoring

• Ensure timely submission of deliverables for audit and regulatory compliance.

• Support periodic internal reviews and contribute to the improvement of SOPs.

• Track implementation status of remediation plans for identified vulnerabilities and audit observations.

Other Responsibilities

• Perform additional duties as assigned by the Head of Information Security or Risk Management.

• Maintain version control for Information Security documentation and ensure alignment with approved procedures.

Candidate Specifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.

• Minimum 5 years of relevant experience in Information Security implementation, Governance, or Operations.

• Threat Detection and Response: Identify potential security threats through monitoring network traffic, system logs, and other data sources. Respond quickly to contain and mitigate threats.
• Incident Management: Investigate security incidents, contain breaches, and restore systems to normal operation.
• Vulnerability Management: Identify, classify, and prioritize vulnerabilities in systems and applications. Implement patches and fixes to prevent exploitation.
• Security Information and Event Management (SIEM): Use SIEM tools to monitor, analyze, and respond to security-related data from various sources.
• Compliance and Governance: Ensure security practices comply with regulatory requirements and industry standards.
• Security Awareness Training: Educate employees on security best practices and phishing attacks.
• Continuous Monitoring: Regularly review and update security controls, policies, and procedures.
• Compliance: Ensure compliance with regulatory requirements, such as HIPAA, PCI-DSS, and GDPR.
• Security Policies: Develop and implement security policies, procedures, and standards.
  
  

• Technical expertise in security tools and technologies
• Analytical and problem-solving skills
• Communication and collaboration skills
• Knowledge of security frameworks and regulations
• Ability to work under pressure and respond to incidents quickly
  
  

• SIEM systems
• Intrusion Detection Systems (IDS)
• Firewalls
• Antivirus software
• Vulnerability scanning tools
  
  

• Security frameworks and standards (NIST, ISO 27001)
• Security technologies (firewalls, intrusion detection systems, encryption)
• Compliance regulations (HIPAA, PCI-DSS, GDPR)
  
  

• Cloud Security: Experience with cloud security platforms (AWS, Azure, GCP).
• DevSecOps: Experience with DevSecOps practices and tools.
• Security Automation: Experience with security automation tools (SIEM, SOAR).
  
  

• Lead the design, implementation, and maintenance of GRC frameworks and tools such as RSA Archer and ServiceNow GRC.
• Manage and support risk assessment, compliance monitoring, and governance programs across the organization.
• Drive integration of IAM, PAM, firewall (e.g., MSB, SEIL), and other security tools into the GRC ecosystem.
• Oversee and support internal audits, regulatory compliance initiatives, and remediation plans.
• Collaborate with security, infrastructure, and application teams to ensure policy adherence and risk mitigation.
• Provide technical leadership and direction to GRC initiatives and act as a subject matter expert.
• Monitor emerging regulatory and compliance trends in the banking/financial sector.
• Participate in security incident response, including analysis and remediation from a risk perspective.
• Contribute to project planning, stakeholder engagement, and reporting for GRC-related projects.
  
  

• Bachelor's or Master's degree in Information Security, Computer Science, or a related field.
• 7+ years of experience in GRC, risk, and compliance, with a strong technical background.
• Proven expertise in RSA Archer, ServiceNow GRC, and integration with IAM/PAM systems.
• Hands-on experience with MSB, SEIL, and firewall/security technologies.
• Solid understanding of risk frameworks (e.g., NIST, ISO 27001, COBIT).
• Experience in handling audits, risk assessments, and regulatory compliance for banking or financial services.
• Familiarity with Identity & Access Management (IAM), Privileged Access Management (PAM), and endpoint protection.
• Project management skills and experience leading cross-functional teams are preferred.
• Excellent communication, documentation, and stakeholder engagement skills.
  
  

• CISSP, CISM, CRISC, or equivalent.
• RSA Archer Certification / ServiceNow GRC certification.
• PMP or any project management certification (preferred but not mandatory).
  
  

Company Description

Crowe Mak Ghazali, Auditors and Business Advisors, is a member firm of Crowe Global established in the Sultanate of Oman in 1995. Located in Muscat, we are among the top ten Auditing and Accounting firms in Oman. We offer a wide range of services including accounting, auditing, business consulting, and tax advisory. Our mission is to provide total business solutions to our clients, supporting them from company formation through to full business operations.

Role Description

This is a full-time on-site role for a Senior Information Security Consultant located in Muscat, Oman. The Senior Information Security Consultant will be responsible for managing and implementing Information Security Management Systems (ISMS), ensuring data privacy, overseeing cybersecurity measures, and maintaining network security. Daily tasks include risk assessments, security audits, developing security policies, and providing security training to staff. The role also involves staying updated with the latest security trends and technologies to recommend and apply necessary changes.

Qualifications

Information Security Management System (ISMS) and Information Security Management skills

Data Privacy and Cybersecurity expertise

Network Security management experience

Excellent analytical and problem-solving skills

Strong communication skills and ability to work collaboratively

Relevant certifications such as CISSP, CISA, CISM, or similar

Bachelor's degree in Information Technology, Cybersecurity, or related field

Experience in the financial or consulting industry is a plus

About Muscat Finance SAOG:

Muscat Finance SAOG is a leading technology driven finance company in Oman, committed to providing innovative financial solutions and excellent customer service. We are dedicated to maintaining the highest standards of integrity, transparency, and security in all our operations.

Role Overview:

We are seeking a highly skilled Information Security Officer to join our team. The successful candidate will be responsible for developing and implementing information security policies and procedures to protect the company's information assets. This includes conducting risk assessments, ensuring compliance with regulatory requirements, and responding to security incidents.

Key Responsibilities:

• Develop, implement, and maintain comprehensive information security policies, standards, and procedures in line with industry best practices (e.g., ISO 27001, NIST) and local regulatory requirements.
• Oversee regular risk assessments, vulnerability assessments , and penetration tests to identify and mitigate potential security threats.
• Monitor security systems and tools for security incidents, anomalies, and breaches, and respond effectively to security incidents.
• Lead incident response efforts, including investigation and post-incident analysis.
• Implement and manage security awareness training programs for all employees to foster a security-conscious culture.
• Evaluate, recommend, and implement new security technologies and solutions to enhance the organization's information security posture.
• Collaborate with IT, operations, and other departments to integrate security into all aspects of business operations.
• Prepare regular reports on the status of information security to Board of Directors and Senior management.
• Manage and oversee third-party security assessments and audits.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree is a plus.
• Minimum of 5 years of progressive experience in technology, with at least 2 years in Information Security role, preferably within the financial services industry.
• Relevant professional certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly preferred.
• Strong understanding of information security frameworks and standards (e.g., ISO 27001, NIST, COBIT).
• Proven experience in conducting risk assessments, vulnerability management, and incident response.
• Familiarity with network security, application security, cloud security, and data protection principles.
• Excellent knowledge of security technologies and tools (e.g., firewalls, SIEM, EDR, DLP).
• Solid understanding of regulatory requirements related to information security in the financial sector.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
• Ability to work independently and as part of a team in a fast-paced environment.

contact email address:

• Threat Detection and Response: Identify potential security threats through monitoring network traffic, system logs, and other data sources. Respond quickly to contain and mitigate threats.
• Incident Management: Investigate security incidents, contain breaches, and restore systems to normal operation.
• Vulnerability Management: Identify, classify, and prioritize vulnerabilities in systems and applications. Implement patches and fixes to prevent exploitation.
• Security Information and Event Management (SIEM): Use SIEM tools to monitor, analyze, and respond to security-related data from various sources.
• Compliance and Governance: Ensure security practices comply with regulatory requirements and industry standards.
• Security Awareness Training: Educate employees on security best practices and phishing attacks.
• Continuous Monitoring: Regularly review and update security controls, policies, and procedures.
• Compliance: Ensure compliance with regulatory requirements, such as HIPAA, PCI-DSS, and GDPR.
• Security Policies: Develop and implement security policies, procedures, and standards.
  
  

• Technical expertise in security tools and technologies
• Analytical and problem-solving skills
• Communication and collaboration skills
• Knowledge of security frameworks and regulations
• Ability to work under pressure and respond to incidents quickly
  
  

• SIEM systems
• Intrusion Detection Systems (IDS)
• Firewalls
• Antivirus software
• Vulnerability scanning tools
  
  

• Security frameworks and standards (NIST, ISO 27001)
• Security technologies (firewalls, intrusion detection systems, encryption)
• Compliance regulations (HIPAA, PCI-DSS, GDPR)
  
  

• Cloud Security: Experience with cloud security platforms (AWS, Azure, GCP).
• DevSecOps: Experience with DevSecOps practices and tools.
• Security Automation: Experience with security automation tools (SIEM, SOAR).