JOB OBJECTIVE:
This role requires a technical expert with extensive experience in architecting and implementing information security technology solutions within a large enterprise environment. The IT Security Officer plays a key role in maintaining our operational security posture, working closely with the IT Security Manager.
In this role, you will manage the IT Security Management System and enforce its procedures, including device hardening, secure maintenance, account management, policy and procedure implementation, management reporting, vulnerability assessments, penetration testing, and leading cybersecurity training initiatives. With your support, Tabreed will uphold its high security standards and controls.
You will ensure the effective application of security procedures in compliance with UAE Cloud Security Controls, NIST, and ISO 27001. This includes both proactive and reactive security management, covering users, data, systems, devices, and networks. Your responsibilities will encompass access management, backups, data transfers, denial-of-service protection, disaster recovery, email security, ICT equipment management, logging, mobile device management, patching, privileged user controls, secure network management, system administration, system hardening, and vulnerability management.
You should have a strong background and education in security management, with technical, analytical, and compliance expertise in the security domain. Your communication style should be open and professional, ensuring that both internal and external stakeholders find you reliable, responsive, and well-organized.
Our company has a very low tolerance for cybersecurity risk, with a strong focus on compliance and assurance. It is essential that all procedures are clearly documented, consistently applied, strictly followed, and regularly audited.
KEY ACCOUNTABILITIES
Develop and support strategies, policies, programs, and projects designed to continually improve and enhance cyber and information security posture and resiliency.
Oversee compliance with applicable laws, rules, and regulations related to cyber and information security.
Lead cybersecurity training programs and outreach efforts both internally and externally.
Attend all regular, special and emergency meetings regarding cyber and information security.
Regularly review the operation of security controls and recommend changes designed to improve effectiveness and/or counter emerging risks.
Maintain threat, attack and risk models and perform regular analysis to ensure the firm is adequately mitigating risks.
Make appropriate recommendations for security enhancements to the IT Security Manager or any external vendor providing services including tools, technologies, services, policies, procedures, and other areas as needed.
Derive Future State Cyber Security Architecture for the IT Infrastructure:
Development (or update) of the Defensive Strategy and Model for implementing cyber security at Tabreed.
Work with multiple stakeholders to identify areas for cyber risk reduction on the IT Infrastructure.
Evaluation of the potential impact of implementing different cyber risk reduction methods (i.e. cyber security controls) within the IT Infrastructure.
Act as the primary interface with Tabreed stakeholders to architect the defensive model and implement cyber security controls across Tabreed IT systems for desired risk reduction.
Assess Current State and Areas for Risk Reduction:
Lead the conduct of cyber-security self-assessment initiatives based on international standards, national standards, and state of practice.
Assess Tabreed’s defensive strategy and the implementation of the cyber security program.
Provide an evaluation on current milestone delivery and regulatory compliance.
Solutions Design:
Create deliverables related to the design and analysis of technology solutions to ensure that solutions meet business and operational needs.
Design, build, implement and support enterprise-class security systems.
Design security architecture elements to mitigate threats as they emerge.
Create solutions that balance business requirements with information and cybersecurity requirements.
Framework:
Follow the international framework designed to standardize the selection, planning, delivery, and maintenance of IT services within a business.
Technology Research:
Strategic planning (medium and long term) based on company objectives to keep in line with new developments in IT.
Research new technology to determine what would best support the organization in the future.
JOB REQUIREMENTS:
Minimum Qualifications:
Bachelor’s degree holder in Computer Science/Engineering or equivalent.
Relevant cybersecurity certifications (e.g., CompTIA Security+, CEH, ISO 27001 Lead Implementer).
Minimum Experience:
Minimum of 2 years of experience in Information Technology (IT) Cybersecurity.
Hands-on experience in running mission-critical cybersecurity operations.
Strong knowledge of security frameworks such as NIST, ISO 27001, and UAE Cloud Security Controls.
In-depth understanding of network security principles, access controls, and risk management.
Experience in conducting security risk assessments, audits, and vulnerability management.
Strong analytical skills and attention to detail.
Ability to effectively communicate security concepts to both technical and non-technical audiences.
High level of personal integrity, with the ability to handle confidential matters professionally and demonstrate sound judgment and maturity.