Head IT Security

Dubai, United Arab Emirates

Job Description


Job Summary

The Head of Information Security is responsible for establishing and maintaining a groupwide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports enterprise risk management. This position requires an individual with sound knowledge of business management and hands-on experience in various aspects of information security. The Head of Information Security will proactively work with all business units of IFFCO and Corporate to implement practices that meet defined policies and standards for information security. He/She is responsible for overseeing IT security operational activities across the Group. The Head of Information Security is also responsible for implementing and governing IT General Controls across the IFFCO group. The role reports to the Director – Infrastructure & Security.

Core Responsibilities

The Head of Information Security role comprises a variety of responsibilities, including strategic, tactical, and operational activities in support of the overall organization's strategy.

  • Information Security Strategy, Planning and Governance
  • Information Security Risk and Control Management
  • Information Security Projects execution
  • Information Security Operations Management (SOC)

Roles & Responsibilities

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and support risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
  • Liaise with the Infrastructure and Application teams to ensure alignment between the security and enterprise IT application architectures, thus coordinating the strategic planning implicit in these architectures.
  • Experienced in designing IT General Controls and implementing them across the IFFCO group. Experience with SAP & SAI GRC is an added advantage.
  • Create and manage information security and cyber risk management awareness training programs for all employees, contractors and approved system users.
  • Develop a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
  • Provide regular reporting on the current status of the information security program and ITGC controls to enterprise risk teams and senior business leaders.
  • Provide Third-party risk assessments for various IT vendors and Products, and issue security schedules.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
  • Provide strategic cyber risk guidance for technology projects, including the evaluation and recommendation of technical controls.
  • Liaise among the information security team and corporate compliance, audit, legal and human capital teams as required.
  • Manage security incidents and events to protect corporate technology assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
  • Mentor and coach direct reports ensuring success in their role and readiness for success into new roles within the information security function
  • Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in technology operations or managed service providers). This includes hiring, training, staff development, performance management and annual performance reviews.
  • Develop self and others within the function through mentoring, training and engagement in talent development activities

KPIs

  • Information Security Strategy definition and execution
  • Information Security awareness Program creation and execution
  • IT Risk Management
  • Information Security Policy, Standards creation and governance
  • Execution of security projects within timelines and budgets
  • Creation of cyber incident response strategies and periodic exercise execution.

Work experience requirement


  • A minimum of 12 years of professional IT Risk and Security related experience
  • Expertise and experience in implementing & monitoring Information Security controls, practices and technology for multiple levels within an organization, cascade, and plan Training sessions as and when needed.

Technical Skills Required

  • Cloud security experience – Azure security certifications are an added advantage.
  • SOC/Security Incident Management experience – CISM or similar certification is an added advantage.
  • Network security experience – Firewalls, IPS log analysis
  • Data Security experience – AIP, CASB, DLP, Intune etc.
  • Preventive/Detective security tools – SIEM, xDR, EDR etc.
  • Experienced in handling internal and external audits and IT General Controls.

Qualification

  • Bachelor's Degree required. Master's Degree preferred.
  • IT Risk & Security Certification or similar preferred – e.g. CISA, CISM, CISSP, PCIP
  • Microsoft Azure and AWS Cloud Infra security expertise
  • Knowledge and expertise in Cisco, Checkpoint Firewalls, Fortinet and Cloud based internet access and web filtering, Web application Firewalls, DMZ, End user desktop/laptop/handheld devices security
  • Knowledge of security setup in SAP, Oracle, Windows and Linux systems.

Competencies

Business Acumen
Driving Results
End user Computing environment
IT Architecture (Infra and Application)
IT Budget and cost control
Knowledge of Corporate Governance Practices
Leading and Managing Change
Ownership and Accountability
Self and Team Management
Strategic Thinking

Business Unit: Corporate-Information Services (4205)
Business Group: Information Services (2629)


Job Detail

  • Job Id
    JD1575103
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Dubai, United Arab Emirates
  • Education
    Not mentioned