We are looking for a Data Compliance Specialist in Abu Dhabi; the job description is below.
Contract Duration: 1 Year
Qualifications:
Bachelor’s degree in information technology, computer science, or cyber/information security.
5+ years of experience in cyber security, security auditing, risk assessments, or another related field.
Preferred Certifications:
CISM: Certified Information Security Manager
CGEIT: Certified Governance of Enterprise IT
CRISC: Certified Risk and Information Systems Control
CISA: Certified Information Systems Auditor
RMP: Risk Management Professional
CRMA: Certification in Risk Management Assurance
GRCP: GRC Professional
CompTIA Security+
CompTIA Network+
CySA+: Cybersecurity Analyst Certification
CSAP: Certified Security Awareness Practitioner
Tasks and Responsibilities:
Key Accountabilities
Develop an annual compliance plan to ensure adequate auditing of compliance to cyber security policies and guidelines.
Develop and maintain detailed compliance monitoring mechanisms and frameworks.
Execute periodic and ad-hoc compliance checks and cyber risk assessments to ensure that cyber security controls and measures are adherent to the mandated cyber security policies and guidelines.
Develop policy compliance reports including required corrective actions and recommendations.
Conduct IT and cyber security risk assessments based on current state of adherence to policies and rate of adoption of security controls and mechanisms.
Provide remedial actions against non-compliance and collaborate to develop plans to reach a state of compliance.
Follow up on the implementation status of defined corrective actions to adhere to policies.
Organize policies and standards training and awareness based on the periodic release of updated regulations or compliance mechanisms, as required.
Assess the effectiveness of security controls.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centres).
Provide input to the Risk Management Framework (ISO 31000 and NIST SP 800-30) process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risks.
Assure successful implementation and functionality of security requirements and appropriate policies and procedures that are consistent with the organization’s mission and goals.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Develop the strategy, goals, and objectives for the cyber security training, and awareness program.
Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.
Plan training and awareness strategies such as sessions, demonstrations, interactive exercises, multimedia presentations, video courses, and web-based courses for the most effective learning environment.
Conduct interactive training exercises to create an effective learning environment.
Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.
Provide direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
Develop computer-based training and awareness modules, learning objectives and goals, and awareness assessments for measuring and assessing employees’ proficiency.
Review training and awareness documentation (e.g., Content Documents).
Create and deliver training and awareness courses tailored to the audience and physical environment.
Conduct training and awareness needs assessments and identify requirements.
Design training and awareness curriculum and course content based on requirements.
Develop training policies and protocols for cyber training.
Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
Plan and coordinate the delivery of training and awareness techniques and formats (e.g., video courses, mentoring, web-based courses, lectures, demonstrations, interactive exercises, multimedia presentations) for the most effective learning environment.
Ensure that training meets the goals and objectives for cybersecurity training and awareness.
Conduct periodic reviews/revisions of training and awareness content for accuracy, completeness, alignment, and currency.
Develop or assist with the development of privacy training and awareness materials and other communications to increase employee understanding of organization privacy policies, data handling practices and procedures, and legal obligations.
Ensure that the cyber security awareness program communicates the security policies and requirements.
Ensure security awareness information is updated on a regular basis and reflects the latest security trends and threats.
Collect and maintain data needed to meet system cybersecurity reporting. Identify top human risks in the organization.
Establish and maintain communication channels with stakeholders.
Knowledge
Risk management requirements, frameworks, assessments, approaches, methodologies and processes (e.g., methods for assessing and mitigating risk).
Organizational security policies.
Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication).
Networking concepts and protocols, and network security attacks, vulnerabilities, processes, methodologies, access control mechanisms, traffic analysis methods, security architecture concepts including topology, protocols, components, and principles.
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Information classification program and procedures for information compromise.
Security scans, vulnerability assessments and penetration testing principles, procedures, methodologies, tools, and techniques.
Network, system and application security threats and vulnerabilities types.
Specific operational impacts of cybersecurity lapses.
Authentication, authorization, and access control methods.
Business continuity, disaster recovery, and continuity of operations plans.
Enterprise information security architecture.
Evaluation and validation requirements.
Security Assessment and Authorization process.
Current industry methods for evaluating, implementing, and disseminating security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
New and emerging information technology (IT) and cybersecurity technologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Cybersecurity and privacy principles.
Technology that can be exploited.
Multiple cognitive domains, tools and methods applicable for learning in each domain.
Learning assessment techniques (evaluation plans, tests, quizzes).
Computer-based training and e-learning services.
Instructional design and evaluation models.
Organizational training policies, processes, and procedures.
Training and awareness levels, modes, styles, principles and methods.
Learning Management Systems and their use in managing learning.
Media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media.
Principles and processes for conducting training and awareness needs assessment.
Cyber competitions as a way of developing skills by providing hands-on experience in simulated, real world situations.