About the Role
The Senior Associate - Information Security is responsible for managing and monitoring the information security framework. This includes evaluating adherence to policies and procedures to ensure robust governance and implementing appropriate tools to govern the Bureau's information security framework. The role oversees monitoring and assessment of compliance with Bureau policies (e.g., Tech Standards, Business Continuity Frameworks, Data Governance and Data Privacy policies), external regulations (e.g., ISO 27001, UAE IA), and industry best practices (e.g., CIS benchmarking, OWASP Top 10, NIST Framework), and identifies and addresses significant security gaps by implementing effective controls to mitigate risks.
Key Responsibilities:
- Assist in the implementation of enterprise-wide information security and data governance frameworks, policies, and procedures.
- Review and improve IT security controls to enhance overall security posture, monitor IT security operational metrics, and ensure adherence to information security requirements by vendors and IT departments.
- Conduct periodic security audits, assessments, and reviews to identify potential threats and vulnerabilities.
- Monitor and implement the Information Security Framework and perform secretarial duties for the IS Committee as required.
- Perform regular configuration reviews of firewalls, systems, networks, and user access to identify and address any weaknesses in systems and networks.
- Identify KPI and KRI parameters, and define and monitor the metrics to ensure effective information security practice in the Bureau.
- Evaluate the information security status of all development and technical projects, and identify and report the security risks that need to be mitigated, together with the recommended best practice.
- Develop and maintain an incident response plan, including techniques for detecting, responding to and recovering from security incidents.
- Ensure compliance with legal and regulatory information security and privacy requirements, including providing executive management with compliance reports and audit findings.
- Monitor cybersecurity systems and controls, such as SIEM, PAM, and DLP, and support the implementation of information security solutions and improvement programs.
- Review the business continuity and disaster recovery plans and ensure timely testing and implementation to minimize the impact of potential disruptions.
- Identify cyber security risks in coordination with Internal Audit and Risk, and ensure appropriate mitigations are implemented to protect the Bureau's information, computer, network, and data processing systems.
- Evaluate risks arising from operational policies related to information and security systems in order to proactively mitigate potential exposure, cyber threats, and data leaks; conduct thorough reviews and provide recommendations for necessary changes to existing policies and standards, aiming to significantly reduce the likelihood of risk occurrence.
- Monitor the implementation of risk management, business continuity, data governance, and fraud prevention frameworks, and verify the effective implementation of all company policies and procedures.
- Maintain, update, and monitor the Risk Register which includes all risk findings, descriptions, mitigation strategies, action plans, responsibilities, and deadlines, and ensure completion of actions on time.
- Conduct regular risk and information security awareness seminars for employees in coordination with the human capital department.
- Monitor compliance with ISO and PCI requirements and coordinate periodic audits for certificate renewals and the closure of any identified gaps.
- Stay updated on developments in the information security industry and propose measures to enhance security standards.
- The responsibilities and duties outlined above are not exhaustive and may evolve over time. The role may require additional tasks and responsibilities as assigned by the line manager or higher authorities, in alignment with organizational needs.
What We're Looking For
Education:
- At least a bachelor's degree or equivalent in a related field
- Education specialization or master's degree in computer science, engineering, or information technology
- Proficient in English
- At least one professional industry certification in cyber security (CISSP, CCSP, CISM)
Experience:
- Minimum of 5-10 years of hands-on experience in Information Security GRC, with the ability to architect, review, and deploy inline security technologies such as next-generation firewalls, web application firewalls, DLP, PAM, and IAM solutions
- Minimum of 5 years of experience in the implementation of ISO standards, NIST Frameworks, and CIS Benchmarking Standards, and in developing KPI and KRI parameters
- Experience working on complex, enterprise-level integrations and implementing the DevSecOps life cycle, with an understanding of modern technologies and tools, including major Cloud Service Providers such as Azure, AWS, and Google, API management platforms, and microservices architecture
- Ability to align information security strategies in technical projects by working closely with technical stakeholders and cross-functional teams to identify and mitigate the associated security risks and contribute to the overall success of digital transformation initiatives
Why Join Us
- Opportunities for continuous learning, certifications, and professional development.
- Dedicated to building a diverse and inclusive workplace where everyone feels valued and empowered to be their authentic selves.
- Committed to building a stable, forward-thinking organization where innovation thrives.