Candidates, please take note! With the introduction of our new Recruitment Management System (RMS), we kindly ask candidates who submitted applications prior to April 22nd, 2024, to re-register while applying for any relevant positions.

ZAIN1068 - Information Security Risk Expert Engineer

  • Operation
    Zain Iraq
  • Division
    Risk Management
  • Location
    Iraq - Baghdad
  • Closing Date
About Zain
Zain is the pioneer of mobile telecommunications in the Middle East. We began life in 1983 in Kuwait as the region’s first mobile operator, and since the initiation of our expansion strategy in 2003, we have expanded rapidly. Today, we are a leading mobile voice and data services operator with a commercial footprint in 7 Middle Eastern and African countries and a workforce of over 7,900, providing a comprehensive range of mobile voice and data services to over 42.4 million active individual and business customers as of March 31, 2024.
Role Purpose

Zain Iraq is actively recruiting an Information Security Risk Expert, who is responsible for providing security guidance for all security projects, including the evaluation and recommendation of security controls. He/she will also be hands-on and responsible for contributing to security posture enhancements through various engagements.

  • Assist with the review of information security policies, guidelines, and procedures.

  • Provide recommendations on applicable controls to mitigate identified threats and risks from an advisory perspective and collaborate with IT Operations in identifying actionable threats.

  • Assist with developing a full-year roadmap to address the potential risks and threats with the business case.

  • Collaborate with IT operations in conducting security risk assessments to determine information security requirements across all applicable processes and associated systems.

  • Conduct vulnerability assessments of systems to identify vulnerabilities and assist system owners in mitigation.

  • Provide support to ensure a productive and secure environment with an emphasis on Information Security.

  • Collaborate with the Group to assist in maintaining the Group Security Dashboard showing the current level of threat, the status of known vulnerabilities, the progress of regular/planned activities and the efficiency of incident management.

  • Assist with the maintenance of the Information Security Management System (ISO 27001:2013) and NIST framework where applicable.

  • Suggest security requirements to align with the outlined 2023-25 Group cybersecurity strategy.

  • Provide support for information security training & awareness campaigns.

  • Participate in security operations and incident response and provide support as needed for Zain Iraq.

  • Assist with the evaluation of security threats and their impacts, and ensure implementation of appropriate processes and controls to mitigate or minimize them.

  • Work with multiple stakeholders, including internal and external penetration testing vendors, to successfully complete VA & PT activities.

  • Proficient in network security and web application security, with previous hands-on experience in network security tools: Nmap, Nessus/Qualys and Metasploit.

  • Intermediate experience with enterprise governance, risk, and compliance platforms.

  • Proficient in either Microsoft Azure or Amazon Web Services cloud.

  • Hands-on experience in information security infrastructure solutions such as, but not limited to, Identity & Access Management, Security Information & Event Management, Endpoint Detection and Response, Intrusion Detection and Prevention Systems and Firewalls, in order to review systems, identify relevant threats and make recommendations from an advisory perspective.

  • Support the Business Continuity Teams at OpCos to ensure that the disaster recovery plans for Information Security controls are documented and address availability risks.

Educational Qualifications and Experience

Educational Qualifications

  • Bachelor’s degree in Computer Science, Information Technology or equivalent.

  • Preferably Security+/Network+, CEH, CRISC/CISSP or SANS GIAC GPEN/GXPN certified. Preferably holds a master’s degree in the field.


  • A minimum of 4 years of relevant experience with at least 2 years in a similar role.



  • Achievement Driven

  • Information Seeking

  • Problem Solving and Creativity

  • Relationship Building

  • Initiative



  • Oral and Written Communication

  • Managing Information

  • Technology Application

  • Quality, Health, Safety, Security and Environment

  • Capacity Planning and Demand Management

  • IT User Support

  • IT Business Analysis

DEI Competency

  • Courage to Engage

  • Addressing Bias

  • Allyship

About Application Process

If you meet the criteria and are enthusiastic about the role, we would welcome your application. To complete the application, you will need the following document(s):

1. Resume/CV