Cyber Security Manager

Job title: Cyber Security Manager

Location: Dubai, UAE

About the role

We are seeking a highly skilled and knowledgeable Cyber Security Manager with strong expertise in IT infrastructure to lead and support the implementation of a robust cybersecurity strategy for a group of companies. This role will work collaboratively with cross-functional teams to ensure the security, availability, and integrity of systems and data, while delivering on the IT roadmap to achieve a strong cyber posture across all organizational levels. The ideal candidate will possess deep technical knowledge in cybersecurity, infrastructure, and industry best practices, along with the ability to provide strategic guidance and hands-on support. This role reports to the IT Director. This role is vital in shaping the cybersecurity strategy and infrastructure security across the group of companies, enabling the business to achieve its strategic goals while maintaining a secure and resilient IT environment.

Key Responsibilities:

Cybersecurity Strategy & Roadmap:

• Develop, enhance, and execute the groups overall cybersecurity strategy to protect against emerging threats.
• Collaborate with senior leadership to align cybersecurity goals with business objectives.
• Contribute to the design and execution of the IT roadmap, ensuring integration of security initiatives with infrastructure projects.
• Lead the assessment of the groups current cybersecurity posture and recommend improvements.

Infrastructure Security:

• Provide expert guidance on securing IT infrastructure, including cloud, on-premise servers, networks, and endpoints.
• Ensure the implementation of best practices for infrastructure security such as network segmentation, secure configurations, and patch management.
• Oversee the deployment and maintenance of infrastructure security solutions, such as firewalls, VPNs, SIEM systems, and intrusion detection/prevention systems.

Threat and Risk Management:

• Conduct threat intelligence gathering, vulnerability assessments, penetration testing, and risk assessments to identify and address security gaps.
• Identify, analyze, and mitigate cybersecurity risks across IT infrastructure and business operations.
• Implement and monitor security controls to ensure compliance with industry standards (e.g., NIST, ISO 27001, GDPR, etc.).

Incident Response & Recovery:

• Develop and maintain incident response plans for cybersecurity incidents, including breach detection, containment, and recovery strategies.
• Lead post-incident investigations and root cause analysis to prevent future occurrences.
• Assist with disaster recovery planning and the implementation of business continuity solutions to ensure rapid restoration of services in case of a cyber event.

Security Awareness & Training:

• Conduct training sessions to raise awareness on cybersecurity best practices and threat mitigation techniques across the organization.
• Provide guidance on safe use of technology, software, and hardware to non-technical stakeholders.

Compliance & Reporting:

• Ensure compliance with relevant regulations, frameworks, and industry standards (e.g., SOC 2, PCI DSS, HIPAA, etc.).
• Prepare and maintain reports on cybersecurity metrics, risk assessments, incident response, and system health for management and stakeholders.

Collaboration & Communication:

• Work with IT teams and business units to implement security solutions that balance usability, cost, and effectiveness.
• Collaborate with other experts, both internal and external, to evaluate new security technologies and solutions that may enhance the organizations security posture.
• Provide clear, concise communication of complex security topics to both technical and non-technical audiences.

Cloud Security:

• Develop and implement cloud security strategies, policies, and procedures.
• Align cloud security initiatives with organizational goals and compliance requirements.
• Design and implement secure cloud architectures for IaaS, PaaS, and SaaS environments.

Identity and Access Management (IAM):

• Manage user access controls, roles, and permissions in cloud environments.
• Implement multi-factor authentication (MFA) and single sign-on (SSO) solutions.

Role - Specific Skills:

• In-depth knowledge of security frameworks (NIST, CIS, ISO 27001) and industry best practices.
• Proficiency in implementing and managing security tools (e.g., firewalls, endpoint protection, SIEM, IDS/IPS, VPNs).
• Solid understanding of risk management principles and incident response processes.
• Knowledge of regulatory requirements (GDPR, HIPAA, PCI DSS, etc.) and the ability to implement necessary compliance controls.
• Familiarity with automation tools and scripting languages (Python, Bash, PowerShell).
• Experience with business continuity planning, disaster recovery, and related technologies.
• Familiarity with advanced threat detection and response techniques (e.g., EDR, XDR).
• Strong problem-solving and analytical skills.
• Excellent communication and interpersonal abilities.
• Ability to work in a fast-paced environment, handling multiple priorities.
• Strong attention to detail and commitment to ensuring the highest levels of security.

Desired Background and Experience:

• Bachelors degree in Computer Science, Information Security, or a related field.
• Certifications such as CISSP, CISM, CEH, CompTIA Security+, or equivalent.
• Minimum of 5 years of experience in cybersecurity with a strong background in infrastructure security.
• Experience in performing vulnerability assessments, penetration testing, and managing risk mitigation strategies.