Description

Manager - IT Security

Business Unit: SCHOOL SUPPORT CENTRE

Location: UAE - Dubai

Closing Date 03-May-2023

About the Role

The Manager - IT Security is responsible for establishing and maintaining a corporate-wide management program to ensure the information assets are adequately protected.

This position is responsible for identifying, evaluating, and reporting on information security, data protection, and data privacy risks in a manner that meets the operational, compliance, and regulatory requirements, and aligns with and supports the operations and risk appetite of GEMS Education.

Key Accountabilities:

Develop, implement, and monitor a comprehensive enterprise information security and data privacy risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.

Facilitate information security and data privacy governance through the implementation of a governance program, including the formation of an information security steering committee or advisory board.

Develop, maintain, and publish up-to-date information security and data privacy policies, standards, and guidelines. Oversee the approval, training, and dissemination of the policies and practices

Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.

Develop and manage information security budgets (as assigned by the CIO) and monitor them for variances.

Create and manage information security and data privacy awareness training programs for all employees, contractors, and approved system users

Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.

Provide regular reporting on the status of the information security and data privacy program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.

Create a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.

Develop and enhance an information security management framework based on industry best practices, such as International Organization for Standardization (ISO) 2700X, IT IL, COBIT/Risk IT, and the National Institute of Standards and Technology (NIST).

Liaise with development and operations teams to ensure alignment between the information security, data privacy, infrastructure, and application architectures.

Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.

Liaise with development and operations teams to ensure alignment between the security, infrastructure and application architectures.

Coordinate information security, data privacy, and risk management projects with resources from the IT organization and business unit teams.

Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from applicable laws, standards, and regulations. Ensure that security programs follow such laws, regulations, and policies to minimize or eliminate risk and audit findings

Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.

Manage IT security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company\'s reputation.

Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

Coordinate the use of external resources involved in the information security and data privacy program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.

Develop and oversee effective Business Continuity Management and IT Disaster Recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.

Liaise with Legal team to review new and existing 3rd party contracts to ensure information security/data privacy requirement incorporation.

Ensure implementation and regular review of technical information security and data privacy measures to protect corporate IT assets, sensitive information, and personal data.

Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.

Ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.

Qualifications, Experience & Skills:

Minimum of a Bachelor\'s degree in Science (BS), Degree in Information Security, Computer Science, Engineering, or a related technical degree. A Master\'s degree is preferable.

Minimum of 5 years of work experience in Information Technology Security

Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and NIST.

Strong understanding of risk management framework.

About Your Benefits

An attractive remuneration package is on offer to the successful candidate including tax-free salary, medical cover, tuition fee concessions, annual leave, and end-of-service benefits.

About GEMS

Trusted for over 60 years and now a third generation education family, GEMS Education began in a single school room in Dubai. Today, we have the privilege of educating over 170,000 students from over 176 countries through GEMS owned and managed schools globally; over 270,000 students access resources through our services division.

About Application Process

If you meet the criteria and you are enthusiastic about the role, we would welcome your application.

To complete the application you would need the following document(s):

• Resume/CV
• Passport-size photograph

In line with the UAE\'s Emiratisation goals, GEMS welcomes and encourages applications from UAE nationals to join our fast-growing team.

Important Note : GEMS Education is committed to safeguarding and promoting the welfare of all of its students. Applicants will be required to submit a current police criminal clearance check or equivalent from their home country or current country of residence prior to appointment.

Joblinks.ae