Section I: Job Purpose
The role holder is accountable for leading and managing the organization's end-to-end cybersecurity program, ensuring the protection of digital assets, infrastructure, data, and core business operations. This role combines strategic oversight with hands-on technical leadership to establish and maintain a comprehensive, defense-in-depth cybersecurity framework aligned with international standards and local regulatory requirements. It drives proactive risk management, robust security architecture, effective threat detection, incident response capabilities, and the continuous improvement of the organization's cyber resilience. In close collaboration with IT leadership, technical teams, and business stakeholders, the role ensures cybersecurity is embedded across all initiatives, promotes a Zero Trust model, and enhances the organization's overall security posture.
Section II: Key Responsibilities
Cybersecurity Strategy & Governance:
- Lead the development, execution, and continuous evolution of the organization's cybersecurity strategy and governance framework, ensuring strong alignment with business priorities and regulatory expectations.
- Define, implement, and regularly update a comprehensive cybersecurity strategy and multi-year roadmap that supports organizational growth and digital transformation initiatives.
- Align security programs and investments with business objectives, risk appetite, and emerging technology trends.
- Establish and maintain a robust cybersecurity governance framework, including policies, standards, procedures, and control mechanisms in line with international best practices and local regulations.
- Design and oversee the enterprise security architecture, ensuring scalability, resilience, and integration across all platforms, systems, and applications.
- Develop and enforce security policies covering areas such as data protection, access control, cloud security, and third-party risk management.
- Drive security-by-design principles across all IT and business projects to ensure early integration of cybersecurity controls.
- Provide strategic direction on security technologies, tools, and platforms to support long-term organizational needs.
- Monitor and report on the organization's cybersecurity posture, key risk indicators, and compliance status.
- Present regular updates, risk insights, and strategic recommendations to executive leadership and relevant governance committees.
- Foster a culture of cybersecurity awareness and accountability across the organization through leadership engagement and governance initiatives.
Security Operations & Threat Management:
- Lead and manage day-to-day operations of the Security Operations Center (SOC), ensuring effective monitoring and incident response.
- Establish and enhance continuous monitoring capabilities, including advanced threat detection and security analytics.
- Oversee threat intelligence, proactive threat hunting, and vulnerability management initiatives to strengthen the organization's security posture.
- Direct the investigation of major cybersecurity incidents, including digital forensics and root cause analysis.
- Ensure timely response, containment, and recovery from cyber threats and security breaches.
Security Architecture & Zero Trust Implementation:
- Design, implement, and continuously enhance a Zero Trust security architecture across identity, network, endpoints, applications, and data environments.
- Define and enforce secure architecture standards across cloud, hybrid, and on-premises infrastructure.
- Lead the deployment, integration, and optimization of key cybersecurity technologies, including:
  - Security Information and Event Management (SIEM) and security monitoring solutions.
  - Endpoint Detection and Response (EDR/XDR) platforms.
  - Identity and Access Management (IAM) systems.
  - Privileged Access Management (PAM) solutions.
  - Data Loss Prevention (DLP) tools.
  - Vulnerability assessment and patch management programs.
  - Cloud Security Posture Management (CSPM) solutions.
- Ensure alignment of security architecture with business objectives, regulatory requirements, and industry best practices.
Smart City Cybersecurity Governance & Strategy:
- Lead the development and implementation of a comprehensive cybersecurity framework for smart city initiatives.
- Establish and oversee cybersecurity policies, standards, and procedures tailored to smart city environments.
- Define and drive the Smart City Cybersecurity Strategy, including standards and a 5-year strategic roadmap.
- Develop and enforce OT/IoT security standards, including secure device onboarding and lifecycle management.
- Design and maintain smart city threat models and risk registers to proactively identify and mitigate risks.
- Establish and manage incident response plans for city-wide digital services and critical infrastructure.
- Ensure all smart city projects adhere to vendor security compliance requirements through standardized assessment frameworks.
Risk Management & Compliance:
- Develop, implement, and manage the enterprise cybersecurity risk management framework.
- Ensure organizational compliance with key international and regional security standards, including NIST Cybersecurity Framework 2.0, CIS Critical Security Controls, ISO/IEC 27001, GDPR, and UAE Information Assurance Standards.
- Lead and coordinate internal and external cybersecurity audits, ensuring timely closure of findings.
- Maintain and regularly update risk registers and drive the execution of risk mitigation and remediation plans.
Cybersecurity Program & Project Management:
- Lead end-to-end delivery of cybersecurity transformation programs, ensuring alignment with business and risk objectives.
- Define, govern, and continuously optimize the cybersecurity roadmap, with clear milestones and measurable outcomes.
- Oversee cross-functional execution of cybersecurity initiatives, ensuring on-time delivery, quality, and stakeholder alignment.
- Embed cybersecurity requirements into enterprise IT and digital transformation programs, enforcing secure-by-design principles.
Business Continuity & Disaster Recovery:
- Establish, lead, and continuously enhance enterprise-wide Business Continuity (BCP) and Disaster Recovery (DR) programs.
- Drive cyber resilience strategies to ensure the availability and recovery of critical systems and infrastructure.
- Oversee and conduct regular disaster recovery testing, crisis simulations, and readiness exercises, ensuring continuous improvement and compliance with best practices.
Third-Party & Vendor Security:
- Establish and lead third-party cybersecurity risk management frameworks and processes.
- Oversee security due diligence and risk assessments for vendors, partners, and service providers.
- Ensure ongoing vendor compliance with organizational security policies, standards, and contractual requirements.
Budget & Resource Management:
- Develop, manage, and optimize the cybersecurity budget aligned with strategic priorities.
- Evaluate and prioritize cybersecurity technologies and investments based on risk impact and business value.
- Drive cost-effective security spending to maximize risk reduction and operational efficiency.
Security Awareness & Culture:
- Lead the development and execution of enterprise-wide cybersecurity awareness and training programs.
- Foster a strong security-first culture, promoting shared responsibility across all business functions.
- Drive the adoption of secure-by-design principles across development and operational practices.
Continuous Security Improvement:
- Continuously assess cybersecurity maturity, identifying gaps and driving improvement initiatives.
- Define and implement security metrics, KPIs, and executive dashboards for effective reporting.
- Benchmark the organization's security posture against industry standards and peer organizations, driving continuous enhancement.
People Management:
- Lead and inspire a cross-functional team of digital experts, fostering a culture of collaboration, innovation, and accountability.
- Provide leadership within the function, setting objectives, managing performance, and developing staff to maximize performance.
- Define team goals, conduct performance reviews, and identify skill development needs.
Section III: Qualifications, Experience & Skills
Minimum Qualification:
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related discipline.
- Professional certifications in Cybersecurity or IT Management are preferred.
Experience:
- 10–12 years of progressive experience in Cybersecurity and Information Security roles.
- Minimum of 3–5 years of experience in leadership or cybersecurity management positions.
- Proven track record in managing enterprise-wide security programs and security operations.
- Hands-on experience in implementing globally recognized cybersecurity frameworks and standards.
- Experience operating within large-scale enterprises or multi-site environments.
- Demonstrated experience in developing and implementing cybersecurity policies, strategies, and governance frameworks.
Skills:
- Cybersecurity strategy development and enterprise security architecture
- Security governance, risk management, and regulatory compliance leadership
- Threat detection, incident response, and security operations (including SIEM platforms)
- Identity and access management (IAM), cloud security, and infrastructure protection
- Vulnerability management and proactive risk mitigation
- Executive stakeholder engagement and cross-functional leadership
- Cyber crisis management and strategic decision-making under pressure
- Cybersecurity program management and delivery oversight
- Vendor, contract, and third-party security management
- Budget planning and financial oversight for cybersecurity functions
- Business continuity, incident response planning (IRP), and disaster recovery (DR) management.
- Strong written and verbal communication skills with the ability to engage both technical and business stakeholders.