Job description Of Security Analyst Responsible for analyzing and assessing security controls, policies, and procedures within the organization to ensure compliance with regulatory requirements and industry best practices. Conduct risk assessments, monitor security incidents, and provide recommendations for enhancing security governance and improving overall security posture. Roles and Responsibilities Conduct assessments and evaluations of security controls, policies, and procedures to ensure compliance with regulatory requirements, industry standards, and internal governance frameworks. Identify and assess security risks and vulnerabilities, and provide recommendations for risk mitigation strategies to enhance the organization\'s security posture. Monitor and track compliance with security policies, regulations, and contractual obligations. Assist in the development and implementation of compliance programs. Participate in security incident response activities, including analyzing and investigating security incidents, documenting findings, and recommending remediation measures. Provide support in the development and maintenance of security governance frameworks, including policies, standards, and procedures. Assist in security awareness and training initiatives. Coordinate and participate in security audits, assessments, and penetration tests to evaluate the effectiveness of security controls and identify areas for improvement. Prepare and deliver reports on security metrics, compliance status, and risk assessments to management and relevant stakeholders. Assist in the development of executive-level dashboards and presentations. Qualification Bachelor\'s degree in Computer Science, Information Security, or a related field. Relevant certifications like CISM, CISA, or CISSP. Familiarity with security frameworks such as ISO 27001, NIST Cybersecurity Framework, and COBIT. 2+ years of experience in conducting a risk assessment Proficiency in conducting risk assessments, vulnerability assessments, and threat modeling exercises. Knowledge of risk management methodologies and tools Understanding of governance principles, regulatory requirements, and industry standards related to information security and data privacy, such as GDPR, HIPAA, or PCI DSS. Strong knowledge of security controls, technologies, and best practices, including network security, access controls, encryption, intrusion detection/prevention systems, and security incident response. Technical competency 1. Understanding of security governance frameworks, regulatory requirements, and industry best practices to ensure compliance and adherence to security policies and standards. 2. Proficiency in conducting risk assessments, vulnerability assessments, and threat modeling exercises. Ability to identify and prioritize security risks and develop risk mitigation strategies. 3. Knowledge of various security controls and technologies, including firewalls, intrusion detection/prevention systems, antivirus software, encryption methods, access controls, and security incident response tools. 4. Experience in security monitoring tools, log analysis, and incident response procedures. Ability to detect and respond to security incidents in a timely manner. 5. Familiarity with security auditing and assessment processes, including conducting internal audits, vulnerability scans, and penetration testing. Ability to interpret audit findings and recommend remediation actions. 6. Proficiency in developing and implementing security policies, standards, and procedures aligned with industry best practices and regulatory requirements. 7. Understanding of network architecture, protocols, and security technologies. Knowledge of secure network design, segmentation, VPNs, and network monitoring. 8. Knowledge of data privacy regulations and best practices, such as GDPR and data classification. Ability to implement data protection measures, including encryption, data masking, and access controls. 9. Familiarity with incident management tools and platforms for tracking and documenting security incidents, generating reports, and facilitating incident response processes. 10. Ability to develop and deliver security awareness programs and training materials to educate employees on security policies, best practices, and emerging threats. CLR Basic Level: Knowledge: Basic understanding of security governance frameworks, compliance regulations, and industry standards. Skills: Ability to assist in conducting risk assessments, compliance monitoring, and security controls assessment under supervision. Experience: Limited practical experience in security governance activities and basic exposure to security technologies and tools. Intermediate Level: Knowledge: In-depth knowledge of security governance frameworks, compliance regulations, and industry best practices. Skills: Proficient in conducting risk assessments, compliance monitoring, and security controls assessment independently. Ability to provide recommendations for risk mitigation and governance improvements. Experience: At least 2-3 years of hands-on experience in security governance activities, including risk assessment, compliance monitoring, and security controls assessment. Advanced Level: Knowledge: Extensive knowledge of security governance frameworks, compliance regulations, and emerging industry trends. Skills: Highly proficient in conducting complex risk assessments, compliance monitoring, and security controls assessment. Ability to develop and enhance security governance frameworks and provide strategic guidance on governance-related matters. Experience: 5+ years of progressive experience in security governance, including leading governance projects and collaborating with stakeholders at various levels. Expert Level: Knowledge: Subject matter expert in security governance frameworks, compliance regulations, and industry-leading practices. Demonstrated thought leadership in the field of security governance. Skills: Highly skilled in conducting comprehensive risk assessments, compliance monitoring, and security controls assessment. Ability to provide strategic direction and drive innovation in security governance initiatives. Experience: 10+ years of extensive experience in security governance, including leadership roles, extensive collaboration with executive management, and demonstrated impact on overall security posture. Job Type: Contract
Contract length: 12 months Salary: AED17,000.00 - AED20,000.00 per month