Vice President Information Security and Governance

```html

Job Description

Develop and implement department strategy following Daman strategy, set departmental and operational goals and initiate measures to reach goals and to improve department performance.

Lead performance management process evaluating progress against departmental goals. Responsible for result-oriented management and development of people/resources, including:

1. Provision of strong day-to-day leadership presence involving resource allocation, monitoring, reporting, and conducting regular staff meetings.
2. Manage department expenditure and requirements, minding the impact on the financial budget.
3. Foster organisational culture by establishing quality awareness and service orientation and complying and implementing processes such as Project and Change Management.
4. Initiate, develop, implement and ensure adherence of policies and procedures.
5. Promote the recruitment and development of UAE Nationals to contribute to Daman’s strategic goals.

Department Specific:

Create information security program in collaboration with all stakeholders such as Information Technology Services Leadership to:

1. Build and maintain a multi-year cyber security roadmap for DAMAN.
2. Lead the implementation, maintenance, enhancement, and documentation of DAMAN’s Information Security Program (e.g. System Security Plans (SSP), Business Impact Analysis and Assessment, Contingency Plan, Disaster Recovery, Continuity of Operations, etc.).
3. Develop, maintain, publish and oversee up-to-date security policies, standards and guidelines.
4. Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers.
5. Conduct Information Security Risk Assessment and coordinate audits on a regular basis.
6. Recognise threats and vulnerabilities; identify information security issues and concerns.
7. Develop and implement prioritised risk treatment plan to tackle identified information security issues and concerns.
8. Evaluate and incorporate government requirements into Daman’s Information Security Programme, by reviewing, calculating impacts, NESA reporting progress and commenting on HAAD directives.
9. Promote awareness of security issues, including developing and conducting Information Security Awareness Training.
10. Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.
11. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security incident, and provide direction, support and in-house consulting in these areas.