Information Security Manager

Dubai, DU, AE, United Arab Emirates

Job Description

Job Overview: Develop, document, maintain, and distribute Information Security Regulation (ISR) policies that address the purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Responsibilities and Duties:



+ Manage information security in the organization to safeguard its information systems in order to ensure confidentiality, integrity, and availability, in alignment with the Information Security Regulation of Dubai Government and the relevant international best practices and standards.

+ Oversee technical and process security controls and lead a program of continuous improvement in response to changing security threats and risk.

+ Maintain up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and management and governance of Cyber risk and Cyber Security.

+ Role Tasks:



- Design and Implementation: Lead and manage the design, implementation, operation, maintenance, evaluation, and auditing of the information security based on the Information Security Regulation (ISR) of Dubai Government, or any other international standards, including certification where applicable.

- Strategy Development: Define, develop, and maintain a business-aligned Information and Information Security strategy and operating model as well as an effective Information Security Management System and processes for continual improvement.

- Awareness and Training: Drive information security awareness, training and educational activities and provide advice and practical assistance on information security risk and control matters throughout the organization.

- Risk Management: Direct and maintain information security risk management activities including assessments and controls selection activities.

- Business Continuity & Contingency Planning: Guide activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions in the organization and third parties.

- Continuous Security Monitoring and Improvement: Oversee activities relating to the continuous information security monitoring of IT and Infrastructure resources and operations, including but not limited to vulnerability assessments, penetration testing, and web application assessments, and drive a culture of continuous improvement in information security practices.

- Security Standards and Guidelines: Formulate plans and supervise activities relating to the security of the services including the development and execution of security standards and guidelines.

- Procedure Implementation: Oversee implementation and documentation of the security procedures related to the information systems against accidental or unauthorized modification, destruction, or disclosure.

- Regulatory Compliance: Monitor and audit compliance with IT security policies and procedures, and regulate access to safeguard information.

- Technology Assessment and Recommendations: Advise and recommend new information security technologies and countermeasures against threats to information or privacy.

- Incident Response & Management: Manage reported actual or suspected vulnerabilities/breaches in the confidentiality, integrity or availability of data and security breaches with the Information Security Office.

- Non-Compliance Management: Manage the processes and methods for addressing non-compliance with information security standards and communicate clearly to all departments.

- Security Reviews: Manage security compliance reviews for all environments to identify any security misconfiguration or gaps.

- Reporting: Regularly report on information security matters to executive committees, management groups, and stakeholders.



Technical Skills:



- Information Security Management

- ISR Compliance

- Audit and Compliance Management

- Risk Assessment and Management

- Policy and Procedure Development

- Security Governance and Strategy Planning

- ISO 27001, ISO 22301, NIST Cyber Security Framework (CSF)

- Incident Response and Management

- Vulnerability and Threat Management



Soft Skills:



- Communication

- Leadership

- Adaptability

- Teamwork & Collaboration

- Analytical Thinking

Qualifications







Education - Bachelor's degree in a relevant field.

Experience - Preparing IT Security Policies and Procedures, Performing Access Review, Providing Security Awareness Sessions.

Specific skills - Certified IT Security champion. Team player with excellent communication skills.

Preferred Certification


+ Certified Information Security Manager (CISM).

+ Certified Information Systems Security Professional (CISSP).

+ Certified in Risk and Information Systems Control (CRISC).

+ ISO 27001 Lead Implementer.

+ ISO 22301 Lead Implementer.



Job Detail

  • Job Id
    JD1818827
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Dubai, DU, AE, United Arab Emirates
  • Education
    Not mentioned