Job Purpose
Lead enterprise information security by governing systems, policies, and risk programs aligned to Dubai standards; operate the cyber security function; enforce access and architecture controls; and drive threat-informed improvements, audits, and incident readiness that ensure compliant, resilient operations across RTA.
Roles and Responsibilities
Strategy
- Set, approve, and enforce information-security policies and standards; define and ratify strategic and operational objectives, KPIs, and audit regimes; direct remediation across concerned departments.
- Define and own the risk-management framework, assign accountable owners for risk registers, scenarios, and response plans; order periodic reviews and updates with agencies and sectors.
- Institutionalize and mandate RTA-wide awareness for employees, suppliers, and contractors with measurable targets; approve annual awareness plans and cadence.
- Lead and approve financial governance for information security, sanction the annual budget and forecasts, prioritize projects aligned to strategy, monitor execution, and authorize adjustments with relevant departments.
Operations
- Commission Vulnerability Assessments and Penetration Testing (VAPT) plans to assess readiness; order preventive/corrective measures; direct risk-based audits on projects/systems and enforce on-time completion.
- Govern reporting, investigations, and incident handling with internal/external stakeholders; direct Security Operations Center (SOC) operations for response and systems security; approve incident evaluations and mandate implementation of recommendations.
- Enforce access control governance, approve eligibility, order privilege audits, direct network/system traffic monitoring, and ratify compliance reporting.
- Oversee and mandate threat-intelligence collection and analysis on internal and external risks; direct investigations of technical suspicions with concerned authorities; authorize threat scenarios, commission mock exercises, and report readiness.
- Govern Information Security Management System (ISMS) implementation and resourcing; ensure operation per approved policies/procedures; monitor and enforce conformance with audit recommendations and maintain official follow-up records.
- Approve and govern business-continuity and remedial plans for technical systems with concerned departments; require periodic tests and ratify updates for effectiveness.
- Submit and brief senior leadership with periodic reports on strategy execution, audit status, exercise results, threats, and performance indicators.
Product/Process Improvement
- Direct improvements from audits, simulations, incidents, and threat intelligence; approve updates to policies, standards, and ISMS controls; enforce closure of audit observations and prioritized risks.
- Govern supplier performance via KPIs; challenge results, order corrective actions, and verify adherence to information-security clauses.
- Mandate benchmarking and trend monitoring to refine programs and architectures; approve RTA-wide process enhancements and best-practice adoption to uplift preventive controls.
Qualifications
- Education: Bachelor's degree/Master's degree in Computer Science/Information Technology/Information Security/Cyber Security
- Experience: 12+ years in case of Master's degree (14+ years in case of Bachelor's degree)
- Certifications (Preferred): CISSP, CISM, ISO/IEC 27001 Lead Implementer/Auditor, ITIL, COBIT
Technical Competencies
- Crisis & Emergency Management
- Cybersecurity & Information Risk Management
- Disaster Recovery & Business Continuity
- Governance, Risk & Excellence Programs
- Policy Analysis and Development
- Quality Management and Enhancement
- Strategic Planning & Execution Management
- Threat Intelligence & Analysis