Plan and manage the information security management function and lead the development and implementation of information security policies and systems in line with the UAE Information Assurance Standards and guidelines.
Manage the implementation of enterprise-wide information security policy, plans and procedures in line with Abu Dhabi Government guidelines and regulations, while leading regular review, upgrading and further development in accordance with the latest technology trends.
Ensure alignment with the internal IT function in order to prevent potential security risks in IT operations.
Manage end-to-end handling of the Organization's cyber security incidents and collaborate with internal and external stakeholders where needed to resolve advanced security threats and incidents.
Manage the information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
Ensure alignment with all sectors to mitigate potential cyber security risks and implement effective controls.
Monitor compliance with the policies and take appropriate action based on the directions of the Information Security Committee.
Manage the existing systems and respond to internet-wide security threats in relation to local systems to safeguard and protect the Organization's information.
As Rapporteur of the Information Security Committee, ensure meeting scheduling, agenda preparation, conduct of the meeting, issuing of minutes, actions as per committee directives and appropriate reporting.
Manage information security risk assessment and risk mitigation implementation in coordination with the Organization’s Risk Manager.
Review service continuity policies and processes and monitor implementation of the service continuity plan to ensure the Organization’s information is protected in the case of a disaster.
Manage the various risks that security threats pose to the Organization’s mission and goals.
Develop information security awareness, training and communication across the Organization to ensure adherence to required standards.
Participate in the evaluation and assessment of products and services, ensuring adherence to and compliance with the entity’s security policies and requirements, and supporting the effective operations of the organization.
Ensure that all Organization contracts incorporate relevant clauses with respect to information security policy.
Audit service providers for compliance with the information security policy.
Report on a regular basis to the Secretary General on the information security activities, challenges and issues.
Perform any other duties as requested by the reporting manager.
Qualification
Bachelor’s degree in information security, information technology, information technology management or any related specialization.
Professional information security certifications such as CISSP, CISA, and ISO 27001 Lead Auditor are required; and CISM, SAN.
Experience Required
9 to 11 years of experience in the relevant field.