Information Security Officer
- Develop and maintain security policies, standards, and procedures, ensuring they are current, relevant, and effectively communicated to all employees.
- Conduct regular risk assessments and vulnerability analyses, prioritizing remediation efforts based on potential impact and likelihood.
- Submit regulatory reports to CBUAE and ADHICS.
- Conduct awareness training for various departments in line with organization and regulatory requirements.
- Orchestrate and oversee the development and implementation of a comprehensive information security program, aligning with business objectives and risk appetite.
- Lead incident response, eradication, and recovery efforts following security breaches, minimizing business impact.
- Provide guidance and training to staff on security best practices, fostering a security-conscious culture throughout the organization.
- Stay abreast of the latest security threats, vulnerabilities, and industry trends, proactively adapting security measures to address emerging risks.
- Manage and maintain security compliance with relevant regulations and frameworks, such as SIA (NESA), ADHICS, DHA, PDPL, and ISO.
- Collaborate with internal and external stakeholders, including IT and business units, to ensure security is integrated into all aspects of the organization.
- Prepare and present security reports to senior management, providing clear and concise updates on security posture, risks, and mitigation strategies.
- Manage and monitor security technologies and tools, including firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) solutions.
Desired Candidate Profile
- Holds a Bachelor's or Master's degree in Computer Science, Information Security, or a related field; a strong foundation is key.
- Possesses relevant certifications such as CISSP, CISM, or CISA; validation of expertise is a must.
- Minimum of 5 years of experience in information security, with a proven track record of success.
- Experience in the financial services or healthcare industry is preferred; understanding industry-specific security challenges is a plus.
- Proficient in risk assessment methodologies and vulnerability management; experience in security auditing is highly desirable.
- Demonstrates strong technical skills, including knowledge of network security, cloud security, and endpoint security; hands-on experience is essential.
- Adaptable and resourceful, capable of thriving in a fast-paced environment and responding to evolving security threats.
- Exhibits excellent communication and interpersonal skills, able to effectively communicate complex security concepts to both technical and non-technical audiences.