Senior Associate Information Security

|Senior Associate - Information Security

Al Etihad Payments empowers employees to work in an environment that best promotes their productivity and well-being, while providing high-quality workplace and fantastic professional experience.

|Get to Know Us

Al Etihad Payments is the UAE’s designated retail payments entity, dedicated to developing and operating world-class infrastructure, standards, and solutions for the UAE Economy. Al Etihad Payments is a subsidiary of the Central Bank of the UAE, strongly supported by the UAE Government.

Our employees are committed to work with licensed financial institutions and other payment service providers to foster innovation and deliver excellent financial services to all in the UAE, efficiently and without friction. Al Etihad Payments supports the government’s objectives of a cashless society, national digitization, and the Central Bank of the UAE objective of being a top ten central bank globally.

|Our Culture

We are a collaborative, diverse and passionate group of individuals that works as one team. We support one another, make impactful contributions to the organization, and develop and nurture meaningful connections across the payments ecosystem!

|About the role

This role will be crucial in safeguarding our organization's information systems and data assets against cyber threats through understanding AEP’s risk profile and proactively managing the security operations center. The ideal candidate will possess a strong background in information security, risk profiling, threat hunting, SOC management, threat intelligence, attack surface management, and basic forensics.

|What You’ll Do

• Lead the security operations center, ensuring maximum visibility to security events in the AEP by digesting logs from all system and infrastructure assets in AEP, and building the required correlation rules to trigger alerts.
• Integrate the required threat intelligence solutions to the SIEM platform for detecting suspicious events.
• Properly define AEP’s attack surface and attack vectors for proper event detection and identification inline with vulnerabilities identified.
• Command information security incident response when an incident is declared and ensure secure services, data, and system assets recovery.
• Conduct risk profiling and threat hunting.
• Build a security orchestration platform and automate the responses for events according to industry best practices.
• Conduct basic security forensics and engage the Security Forensics Vendors as required.
• Run security controls validation platforms to ensure all controls are functional at all times.
• Run vulnerability assessment platforms to identify technical and configuration vulnerabilities, and communicate them to the relevant stakeholders.
• Collaborate with IT and business teams to implement security best monitoring practices and solutions as needed.
• Evaluate and recommend security products and services.
• Prepare information security reports and dashboards as needed.
• Other tasks assigned by the line manager.

People and Vendor Management:

• Oversee vendors and service providers' staff to ensure the expected delivery objectives are achieved.
• Support in the development of AEP-wide information security monitoring and threat management.
• Build formal relationships with internal stakeholders, 3rd parties, and vendors.

|QUALIFICATIONS AND EXPERIENCE

A minimum of 10 years of information technology experience, including at least 5 years’ experience in managing information security in large payments organizations.

Experience:

• Knowledge of international information security standards and frameworks like ISO27000 and PCI-DSS.
• Experience with risk management, vulnerability assessments, contract/vendor negotiations, and incident management.
• Strong understanding of security monitoring and response technologies like SIEM, SOAR, TIP and ASM.
• Strong understanding of cybersecurity controls with a focus on network security like firewalls, proxy servers, email gateways, WAF, etc. and endpoint protection like AV and EDR, and vulnerability management.
• Experience with security assessment tools and techniques, and fair knowledge of Mitre ATT&CK Framework.
• Preferable previous experience in the payments industry, preferably related to instant payment services and/or domestic card scheme.
• Commitment to maintaining confidentiality and integrity of information.

Education:

• Engineering/Technology graduate or equivalent qualification from a recognized University/Institution preferably in Information Technology or Security domains.
• Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) preferred.

|Technical and Behavioral Skills

• Be a confident communicator and presenter with excellent verbal and written communication skills.
• Excellent analytical and problem-solving skills.
• Be proactive, reliable, responsible, and accurate with an attention to detail.
• Ability to work effectively both independently and as part of a team.
• Be capable of building relationships with vendors and third-party service providers to facilitate the accomplishment of business goals.
• Able to think logically, to enable problems to be solved through planning and the use of appropriate rules of reasoning.
• Professional fluency in written and spoken English and Arabic.

|What you can expect from us

• Modern work environment with a level of flexibility.
• Dynamic and motivated team of colleagues working towards achieving UAE National Objectives.
• Competitive compensation package, including annual bonus and additional benefits like child educational allowance and annual flight tickets (where eligible); Comprehensive health insurance coverage.