Title: IT Governance Senior Specialist
We are a shared services organization based in Abu Dhabi on the lookout for a skilled Senior Specialist, IT Governance to support our growing operation.
Job purpose: Support the development, definition and embedding of best-practice information security policies, standards and processes based on ISO 27001, NIST Cyber Security Framework (CSF), Abu Dhabi Digital Authority and NESA. Ensure the technical teams can make security and governance decisions, and provide advice and guidance, ensuring the effective use of common tools and patterns.
Corporate Security Operations
- Support the Unit Head with the unit’s annual operations plan to ensure that IT Governance plans are aligned and congruent with the needs and plans for the department.
- Lead in monitoring and supporting the implementation of the ISO 27001 framework and Information Security Management System (ISMS) in line with the department’s objectives.
- Support tasks assigned as part of the compliance reviews, certifications and accreditations (ISO27001, Cyber Essentials, GDPR etc.), ensuring any red flags are escalated.
- Implement the GRC controls and measures to protect systems and data ensuring alignment with all the technical protocols in the organization.
- Support the development of information security compliance frameworks, security policies and procedures, where necessary ensuring alignment with the department’s defined goals.
- Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
- As directed by the Unit Head, work with Security partners and the Managed Security Service Provider (MSSP) to conduct and review regular security assessments (pen tests, vulnerability scans etc.) of vendors and solutions (SaaS, IaaS providers and MSSP).
- Support in ensuring the physical security domain, including but not limited to CCTV and site access control systems.
- Ensure the implementation of the information and corporate security training and awareness sessions to ensure system security and efficiency of both server and network and to improve overall knowledge and awareness across the organization in line with the required objectives.
- Provide reports and recommendations on user access reviews on all the technology stacks.
- As directed, conduct periodic information security risk assessments and security checks on IT systems, applications, networks and infrastructure, with follow-up action plans, escalating risks and providing recommendations for enhancements based on data sources.
- Contribute to the delivery of secure systems and implement proportionate controls by working with Product, Change, Risk, IT teams and 3rd party vendors.
- Other duties as applicable to the role.
Shared Activities
- Carry out any other duties and responsibilities related to the role at the request of the direct manager.
- Follow all relevant departmental policies, processes, standard operating procedures, and instructions so that work is carried out in a controlled and consistent manner.
- Demonstrate compliance with the organization’s values and ethics at all times to support the establishment of a value-driven culture within the organization.
- Contribute to the identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction.
Qualification and Experience required:
- Bachelor's degree in Cyber Security (or equivalent).
- Master's degree in Cyber Security (or equivalent).
- Certifications in IT are preferred – CCNA, ITNL, MCSE, CISSP.
- PMP – project management certification desirable.
- Advanced English language proficiency is a must.
- Fluency in Arabic highly desirable.
- Minimum of 3 to 5 years in Information Security, Corporate Security, Cyber Security or equivalent.
- Experience in Azure Cloud Security is a must.
- Working knowledge of Security Architecture and potential security issues related to PaaS, IaaS and SaaS, and understanding of IAM and Data Loss Prevention in a Microsoft Azure environment.
- Knowledge of security technologies such as IDS/IPS, vulnerability testing, threat intelligence and firewalls.