Job PurposeTo ensure and support Information security operations and protecting ENEC\'s internal systems and coordinate between the various ENEC functions. Moreover to ensure that security controls are maintained and under compliance of the existing Information Security Standards applied within ENEC.Key Activities, Responsibility & AccountabilityTo conduct security researches to keep abreast of latest security issues and ensure that ICT is briefed accordingly.

• To participate in the planning and the implementation of all computing and network infrastructure projects (i.e. upgrades, enhancements, etc.) to ensure compliance with the IT Security architecture.

Activity: Continuity managementResponsibility:

• Owns the service continuity planning process and leads the implementation of resulting plans.

• Coordinates the identification by specialists across the organization of information and communication systems which support the critical business processes, and the assessment of risks to the availability, integrity, and confidentiality of those systems.

• Evaluates the critical risks associated with these systems and identifies priority areas for improvement.

• Coordinates the planning, designing, testing of maintenance procedures and contingency plans to address exposure to risk and ensure that agreed levels of continuity are maintained.

Activity: Technical SpecialismResponsibility:

• Maintains knowledge of specific technical specialism provides detailed advice regarding their application and executes specialized tasks. The specialism can be any area of information or communication technology, technique, method, product or application area.

Activity:Health and Safety, Security and Business ContinuityResponsibilities and Accountabilities:

• Ensure compliance to all relevant health, safety and environmental management policies, procedures, and controls across the Section by the delivery of the Health and Safety Management Program to guarantee employee safety, legislative compliance, delivery of high-quality services and a responsible environmental attitude.

• Follow all relevant Security policies, processes, procedures, and instructions to ensure security compliance in all aspects of work, by applying them on self, others, and corporate assets.

• Ensure the compliance with Business Continuity and Resilience requirements for adherence to policies, procedures and instructions related to the effective planning for, and response to, incidents and/or business disruptions in order to continue critical business processes and activities with minimal adverse impact.

Activity:People ManagementResponsibilities and Accountabilities:

• Manage the effective achievement of the Organization\'s objectives by setting individual targets,

developing, and motivating staff, and providing formal and informal constructive feedback andappraisal - in order to maximize subordinate and Section\'s performance.

• Contribute to the development of UAE National employees in a manner which supports the

objectives of the corporation and its Emiratization strategy.

• Contribute to knowledge dissemination/sharing in a way that assists with building internal capabilities of UAE Nationals where applicable and maximize their effective performance.

Activity:Excellence & Quality ManaResponsibilities & Accountabilities (contd.)Activity: Information SecurityResponsibility:

• Obtains and acts on vulnerability information and conducts security risk assessments for business applications and computer installations;

• Provides authoritative advice and guidance on security strategies to manage the identified risk.

• Investigates major breaches of security, and recommends appropriate control improvements.

• Interprets security policy and contributes to development of standards and guidelines that comply with this

• Performs risk assessment, business impact analysis and accreditation for all major information systems within the organization.

• Ensures proportionate response to vulnerability information, including appropriate use of forensics.

Activity: Information AssuranceResponsibility:

• Provides authoritative advice and guidance on Information assurance architecture and strategies to manage identified risk.

• Familiar with major legislation relevant to security of information.

• Interprets security and assurance policies and contributes to development of standards and guidelines that comply with these.

• Uses testing to support information assurance.

Activity: Availability managementResponsibility:

• Provides advice, assistance and leadership associated with the planning, design and improvement of service and component availability, including the investigation of all breaches of availability targets and service non-availability, with the instigation of remedial activities.

• Plans arrangements for disaster recovery together with supporting processes and manages the testing of such plans.

Activity: Asset ManagementResponsibility:

• Controls IT assets in one or more significant areas, ensuring that administration of the acquisition, storage, distribution, movement and disposal of assets is carried out.

• Produces and analyses registers and histories of authorized assets (including secure master copies of software, documentation, data, licenses and agreements for supply, warranty and maintenance), and verifies that all these assets are in a known state and location.

• Ensures that there are no unauthorized assets such as unlicensed copies of software.

Activity: Change ManagementResponsibility:

• Assesses, analyses, develops, documents and implements changes based on requests for change.

Activity: Security and AdministrationResponsibility:

• Drafts and maintains the policy, standards, procedures and documentation for security.

• Monitors the application and compliance of security operations procedures and reviews information systems for actual or potential breaches in security.

• Ensures that all identified breaches in security are promptly and thoroughly investigated.

• Ensures that any system changes required to maintain security are implemented.

• Ensures that security records are accurate and complete.

• Security management (including network security, identity management, security events and incidents)

Professional CertificationsCertificateMin: CISSP, CCNP, Networking or System/OS Certificates, ITIL Foundation, ISO27001 Lead ImplementerCertificateMax: CISM, CISSP-ISSEP, CISSP-ISSAP, ITIL RCVQualificationsQualificationMin: B.S. in Information Security or Computer Science /IT MajorQualificationMax: Masters in Information Security or Computer Science /IT MajorExperienceExperienceMin: \xe2\x80\xa2 6 to 7 years of relevant experience.ExperienceMax: \xe2\x80\xa2 Working experience on Linux and ESX and Windows security.

• Experience on infrastructure security and physical security

Nawah Energy Company