Company Description



KEY ACCOUNTABILITIES:

Strategic Contribution

Work with leadership team in identifying and prioritizing the initiatives that help in achieving the objectives of Information security strategy. Ensure that projects/programs in support of strategy are effectively implemented and managed to deliver the agreed outcomes.

People Management

Ensure that the goals are achieved through effective leadership and management by setting individual objectives, monitoring performance, supporting the development of staff, and motivating them to achieve their best work.

Information Security Policy Framework

Develop and Maintain Information Security Policy framework that includes information security policy, standard operating procedures and security baselines and in line with the regulations, standards, and industry best practices.

Perform periodic reviews of the policies and procedures to ensure they are up to date, cover the threat landscape and comply with the organizational policy and regulatory/standard requirements

Security Awareness

Develop and roll out role-based security awareness program plan and annual calendar covering the employees and contractors.

Conduct assessment exercises including phishing assessments to evaluate the effectiveness of awareness program.

Identify the gaps and amend the program content in line with the assessments.

Develop relevant metrics and prepare dashboard for management and operational reporting.

Identify the opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction.

Business Continuity Framework, Planning & Governance

Develop business continuity management framework that includes policies, procedures, BIA/BCP templates etc., in line with industry best practices and regulatory requirements.

Establish business continuity plans to address different types of likely or plausible risks/scenarios the organization might face order be resilient against such risks.

Oversee risk assessment and business impact analysis, response options, training, testing and maintenance, emergency response, crisis management and recovery processes.

Monitor and review BCM plans to ensure strategies remain consistent with current operations, risks and threats, resiliency requirements, response, and recovery priorities, and that they incorporate lessons from testing and activation.

Conduct training and awareness programs and facilitate their implementation to ensure that staff can effectively execute BCM plans

Relationship Management

Build & nurture relationships among the information security team, technology and line of business teams to ensure alignment as required.

Job Context

Specific Accountability

Covered Above

Qualifications

QUALIFICATIONS & EXPERIENCE:

Minimum Qualification

Graduate / Postgraduate in IT.

In depth knowledge of common information security management standards & frameworks, such as ISO, PCI, COBIT, NIST.

In depth knowledge of security threat vectors and ability to simply them in to non-technical patterns/examples/guidance notes to use for awareness program.

Experience in developing information security policy framework, procedures in line with industry best practices.

Experience in developing security awareness programs, plans and conduct the classroom-based session.

Experience in developing metrics to measure the effectiveness of awareness or training programs.

General Knowledge on concepts related to the security technologies like Firewalls, WAF, IPS, DDoS, DAM, PAM, EDR, OWASP Top 10 threats.

8+ years of experience in a medium to large enterprise environment with at least 3 years in managing Business Continuity program and/or Information Security Awareness Program preferably from a Banking/Financial/Consulting background

Information Security related certifications like CISA/CISM/CISSP/PCI QSA would be added advantage

First Abu Dhabi Bank