Location : UAE

Job Purpose:
Responsible for ensuring that Information Security best practices are in place to adequately protect company information assets in terms of Confidentiality, Integrity and Availability. This includes developing and implementing a holistic information security plan that covers policies and procedures, risk assessments and remediation, user awareness and training, fit-for-purpose technology solutions and monitoring compliance. Works closely with IT operations and applications team to ensure that information security is designed into technology solutions, and that systems are effectively configured and controlled to minimise accidental or deliberate information loss or unauthorised access, and to enable the rapid recovery of systems and information following an incident.

Full Job Information:

Accountabilities:

IT Security Strategy and Governance

• Supports the development of a strategy for information security in alignment with Group IT, business stakeholders and overall business priorities and objectives.
• Identifies IT security issues and analyses/prioritises security requirements based on periodic IT Risk Assessments performed.
• Supports the periodic testing and documentation of IT Disaster Recovery plans.
• Leverage and adapt IT security best practice to develop a security governance framework (including roles and policies) based on recognised IT security standards and Defence in Depth approach.
• Maintains and recommends IT security policies and procedures that help to ensure the integrity, confidentiality and security of company information assets.
• Supports planning and budgeting activities related to the IT security function.

Employee IT Security Awareness

• Effectively communicates IT security best practice to company employees through various platforms, including email, intranet and face-to-face or videocon onboarding and training sessions.
• Develops processes to regularly assess compliance of employees with IT security policies and procedures, including simulated phishing exercises and annual certification of essential information security understanding.
• Develops user awareness and guidance documentation as needed for the deployment of new security solutions.
• Advises business managers and information asset custodians on IT security risks.
• Acts as the focal point for employee questions or concerns on information security.

Information Security Administration

• Works closely with IT operations team to support selection, installation, configuration, testing and monitoring of IT and network security solutions to defend against unauthorized information access, modification or destruction.
• Creates and maintains network policies and authorization roles for file and system access.
• Ensures that capabilities are in place for monitoring network traffic and alerting any suspicious behaviour.
• Coordinates the periodic maintenance of security systems and applications to ensure new threats are identified and the security of company information assets is maintained.
• Monitors IT team compliance with maintaining security patches for critical business software and managing system hardening for all computing endpoints, servers and network devices.
• Ensures company smartphone security using MDM solutions and related policies.
• Proactively works with IT security vendors to identity new technologies that are fit-for-purpose in meeting security requirements in cost effective ways.
• Coordinates effectively with any external vendor/service providers for the provisioning of network and security monitoring, or security vulnerability assessment and penetration testing.
• Leads IT security solution assessment and implementation projects as needed.

Security Incident Response, Investigation and Assurance

• Able to respond quickly to security incidents, including escalation and working closely with IT applications and operations teams to minimise business impact of security breaches.
• Able to perform forensic security investigations post-incident, to establish attack methods and provide advice on any changes/improvements necessary to avoid reoccurrence.
• Performs IT security audits and works with external/internal business auditors to provide necessary input and feedback related to information security.
• Performs other IT assurance tasks as required, including vendor software and hardware licensing compliance.
• Provides analysis and reporting on information security incidents and overall performance in detection, avoidance, containment and recovery activities.

General working practices

• Customer service orientation, including professionalism and effectively managing expectations.
• Demonstrates complete integrity and confidentiality related to security investigations and forensic or audit activities.
• Challenges status-quo and current IT security practices/solutions to continually search for and suggest improved or more cost-effective options.
• Understands the 24/7 nature of the business and is able to respond to urgent IT security support needs and/or scheduling of activities outside of normal business hours to minimize impact.
• Follows all company policies, including strict adherence to HSE standards to always work safely to avoid risk of harm to self, others or the environment.

Job Requirements:

Education:                  

BSc in Computer Science, Information Systems, IT Security or equivalent.   Postgraduate qualification in a relevant IT security field preferred.

Experience:               

5 - 10 years working experience in IT Network or Information Security roles.

Skills/Qualifications

CISSP certification

Cisco CCNA certification (or similar)

Experienced in driving information security awareness initiatives and technical solution projects.

Comprehensive understanding and knowledge of IT security systems and configuration, including software, databases, networks and computing endpoints.

Maintains current knowledge of evolving IT security threats including advanced cyber security attack methods used.

Excellent analytical, critical thinking and problem-solving skills.

Detail conscious and methodological approach.

Good mentoring, interpersonal and communication skills across all levels of the organisation.

Languages:                                                                                                     

Excellent level of English proficiency, both written and spoken.

Job Location:

Dubai, UAE