Job Description
The Cyber Security Manager is responsible for engineering, implementing on-premises and cloud-based cyber security systems, applications, processes and for monitoring and supervising service providers to ensure the confidentiality, integrity and availability of GCGRA assets. This position involves conducting security assessments of systems, applications and networks, as well as deploying and maintaining solutions such as Privileged Access Management (PAM), Data Leakage Prevention (DLP), Vulnerability Management (VM), or Identity Access Management (IAM). The resource is also engaged in the definition and establishment of the GCGRA Cyber Security Operations Centre (CSOC), across the technology and process domains.
The role requires a proactive approach to risk mitigation and compliance with regulatory standards.
Responsibilities
These responsibilities ensure the Cyber Security Manager contributes effectively to protecting GCGRA’s digital assets.
Design, Implement and Manage Security Solutions
Engineer, Implement, Monitor, Maintain And Optimize Advanced Cybersecurity Systems And Technologies To Protect On-premises And IaaS / SaaS Cloud-based Systems, Networks And Applications
- L7 firewall and Intrusion Prevention Systems (IPS)
- Privileged Access Management (PAM)
- Vulnerability Management (VM)
- Identity Access Management (IAM)
- Data Classification and Protection
- Endpoint Protection (EP)
- Endpoint Detection and Response (EDR)
- Security Information and Event Management (SIEM)
- Collaborate with IT and external vendors to ensure smooth integration and operation of these tools.
Conduct Vulnerability Assessments and Analysis
- Conduct periodic security assessments of systems, networks and applications to identify and analyze threats, and recommend mitigations
- Proactively identify threats through advanced threat analysis and intelligence gathering.
- Support the Head of Cyber Security and Infrastructure in the coordination of penetration testing and red teaming initiatives conducted by external contractors.
Monitor and Respond to Cyber Security Incidents
- Oversee the real-time monitoring of security events and lead the incident response process, including forensic investigations.
- Respond to and manage cybersecurity incidents, ensuring rapid containment and resolution.
- Conduct root cause analysis and implement measures to prevent recurrence.
- Develop and maintain incident response plans, including playbooks and communication protocols.
Support Risk Assessment and Compliance Audit Activities
- Support the Heads of Cyber Security and Infrastructure and Internal Audit in conducting regular risk assessments to evaluate potential threats to GCGRA infrastructure and data.
- Ensure compliance with applicable standards, such as ISO 27001, NIST, and UAE-specific regulations.
- Provide recommendations for enhancing security posture and reducing risk exposure.
Cyber Security Oversight
- Support the Head of Cyber Security and Infrastructure in the development and enforcement of security policies, standards, guidelines, processes and procedures in alignment with UAE regulatory requirements and industry best practices.
Collaboration with Internal Teams and External Service Providers
- Work with GCGRA IT, DevOps, and internal business units to ensure secure application development, deployment, and maintenance.
- Support the Head of Cyber Security and Infrastructure in the supervision of third-party service providers to ensure the delivery of high-quality cybersecurity services.
- Evaluate vendor performance against SLAs and recommend improvements or changes as needed.
Conduct Training and Awareness
- Develop and deliver cybersecurity awareness programs for employees and stakeholders.
- Provide training for staff and external contractors on cybersecurity best practices and ensure team awareness of emerging threats.
- Stay updated on the latest cybersecurity threats and trends to proactively enhance security strategies.
Documentation and Reporting
- Maintain detailed records of cybersecurity tools, incidents, and processes.
- Provide periodic reports on cybersecurity metrics, compliance status, and risk mitigation efforts to the Head of Cybersecurity and Infrastructure, the CIO and other stakeholders.
Qualifications
- Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
- Minimum of 8 (eight) years of progressive technical experience in cybersecurity roles, with a focus on designing, engineering, implementing and managing security solutions and processes.
- Solid understanding of network and system security, application security, and data protection
- Hands-on proficient experience with security tools like SIEM (Microsoft Sentinel, Splunk, QRadar), firewalls (Palo Alto Networks, Fortinet), vulnerability scanners (Nessus, Qualys), and endpoint protection systems.
- Advanced knowledge of security frameworks and standards, such as NIST, ISO 27001, CIS Controls, or PCI-DSS.
- Strong knowledge of securing cloud platforms (AWS, Microsoft Azure, Google Cloud), including IAM, MFA, SSO, encryption, and compliance best practices.
- Proven experience in managing cyber security incidents, conducting threat hunting using advanced methodologies. Experience in digital forensics technology solutions and investigations is desirable.
- Knowledge of scripting languages such as Python, PowerShell, or Bash for automation and custom security solutions.
- Certifications such as CISSP, CISM, CEH, GIAC or similar are highly desirable.
About Us
The General Commercial Gaming Regulatory Authority (GCGRA) is the federal executive agency responsible for regulating and overseeing commercial gaming in the United Arab Emirates. We aim to drive sustainable growth by cultivating world-class commercial gaming operations and implementing efficient regulation, grounded in the principles of integrity, innovation, and responsible practices.
Established by Federal Law by Decree and headquartered in Abu Dhabi, the GCGRA is the executive authority that holds exclusive jurisdiction to regulate, license, and supervise all commercial gaming activities and facilities in the UAE.
