Brief Description:
Responsible for establishing and maintaining an information security management program to ensure that information assets are adequately protected across all Support services.
Education Requirements:
- Bachelor's or master's degree in Computer Engineering, Computer Science or a related field.
Experience & Skills Requirements:
- 7+ years in information security.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), NSE4 or higher, PCNSA or other similar credentials, is required.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST.
- Excellent verbal and written communication skills.
- Excellent interpersonal and training skills.
- Excellent organizational skills and attention to detail.
- Highly knowledgeable about the business environment.
- Strong problem-solving skills.
Duties and Responsibilities:
- Develop, maintain and publish up-to-date information security policies, standards and guidelines and ensure their compliance with laws, regulations and global best practices to minimize or eliminate risk and audit findings.
- Act as process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, ensuring that this information is handled in compliance with the organization's information security policies and maintained in a fully functional and secure mode.
- Work directly with the business units to facilitate risk assessment and risk management processes, and oversee treatment efforts to address negative findings.
- Provide regular reporting for IT management on the current status of the information security program.
- Coordinate with enterprise applications teams to ensure security compliance for Maarif applications.
- Manage Information security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Review existing architectures and propose improvements to enhance security posture, and assist in the design and implementation of secure architectures for networks, systems, and applications.
- Manage, configure and maintain firewalls, intrusion detection/prevention systems (IDS/IPS), and other security tools.
- Manage, configure and maintain the mail security service and regularly enhance its related rules and policies.
- Manage, configure and maintain the web application firewall.
- Access Control: Manage user access and permissions, ensuring the principle of least privilege is applied.
- Work with end users to make sure all incidents coming from the cyber security department are solved and closed.
- Work with the cyber security team on any new services to make sure each service has zero vulnerabilities before it is published.