Job Purpose:
The Information Security Administrator will be responsible for managing and maintaining the organization’s security infrastructure, monitoring and responding to security incidents, and ensuring compliance with regulatory standards (ISO 27001:2022, ADHICS, IA Standard – UAE). This role involves proactive threat management, vulnerability remediation, conducting security reviews of various environments and applications, participating in security analysis and design, and supporting business continuity and risk management initiatives.
Key Responsibilities:
1. Security Operations & Incident Management
- Act as the primary liaison with the MSSP SOC provider for continuous monitoring and analysis of security alerts from SIEM and other security tools.
- Investigate, triage, and respond to security incidents, ensuring timely containment, eradication, and recovery.
- Implement and enforce security controls to block Indicators of Compromise (IOCs) and mitigate threats across infrastructure and applications.
- Maintain detailed incident documentation and ensure compliance with audit requirements.
2. Vulnerability & Threat Management
- Perform regular vulnerability assessments and coordinate remediation with relevant teams.
- Track and report on vulnerability closure status and escalate delays to management.
- Ensure timely patching and configuration hardening across servers, endpoints, and network devices.
3. Security Infrastructure Administration
- Manage security tools such as SIEM, EDR/XDR, WAF, IDS/IPS, Proxy, NAC, and the Microsoft E5 Security suite, with support from various vendors and internal IT team members.
- Manage the CyberArk PAM solution independently (knowledge of any PAM solution is desirable); vendor support is available.
- Optimize security configurations and ensure integration with monitoring and alerting systems.
- Support deployment and tuning of SOAR workflows for automated incident response.
4. Compliance & Governance
- Ensure adherence to regulatory and industry standards (ISO 27001, ADHICS, IA Standard).
- Assist in internal and external audits, providing evidence and remediation plans.
- Maintain and update security policies, SOPs, and guidelines.
- Demonstrate an understanding of GRC practices.
- Participate in drafting policies, guidelines, and SOPs.
- Conduct gap assessments.
5. Reporting & Metrics
- Prepare weekly and monthly security dashboards, vulnerability metrics, and incident KPIs for management review.
- Develop Power BI or similar dashboards for real-time visibility of security posture.
6. Business Continuity & Risk Management
- Support the implementation of the Business Continuity Program, including BCP drills, table-top exercises, and staff training.
- Assist in conducting Information Security Risk Assessments and implementing mitigation plans.
Requirements
- Experience: 5+ years of total experience, of which 2-3 years should be in Information Security operations or administration, preferably in a SOC or enterprise security environment.
- Strong understanding of SOC operations, incident lifecycle, attack vectors, and threat mitigation techniques.
- Should be able to manage security technologies: SIEM, EDR/XDR, WAF, IDS/IPS, Proxy, NAC, PAM.
- Good knowledge of vulnerability management processes and tools.
- Solid understanding of network fundamentals, TCP/IP, and secure configurations, with the ability to review network security during triage.
- Strong analytical and problem-solving skills with ability to work under pressure.
- Excellent communication skills (oral and written) and ability to prepare executive-level reports and dashboards.
- Familiarity with ISO 27001, ADHICS, and UAE regulatory requirements.
- Awareness of Business Continuity and Disaster Recovery principles.
- Certifications such as CEH, CompTIA Security+, ISO 27001 Lead Implementer/Auditor, or equivalent.
- Experience with SOAR automation, threat intelligence platforms, and cloud security controls.