Taaleem Co is seeking an experienced and highly motivated Information Security and Data Protection Manager.
The role is for Information Security, not IT security/Cybersecurity, and requires previous hands-on experience in Data Protection.
Job Purpose
The Information Security and Data Protection Manager will take the lead in providing a focal point for information security and risk matters, developing and implementing comprehensive information security strategies to safeguard the organization’s digital assets, infrastructure, and information systems. This role involves developing and maintaining information security policies, conducting compliance reviews, promoting information security awareness, and ensuring adherence to data protection regulations.
Key Accountabilities:
Policy Development and Maintenance:
- Develop and maintain information security policies, standards, procedures, and guidance.
- Establish and maintain data classification policies based on sensitivity and regulatory requirements.
- Ensure adherence to data classification policies across the organization and monitor compliance.
- Regularly review and update information security policies to align with industry best practices and emerging threats.
Risk Management and Compliance:
- Conduct risk assessments to identify potential vulnerabilities and make recommendations to mitigate risks.
- Ensure continuous monitoring and understanding of global data protection requirements, including GDPR, and other relevant regulations. Adapt and implement necessary changes to the organization’s policies and procedures to maintain compliance with these evolving standards.
- Maintain currency with emerging security trends, threats, and new guidance or standards (both internal and external). Incorporate these insights into the organization’s information security strategies and frameworks to enhance overall security posture.
Security Awareness and Training:
- Promote security awareness by developing and implementing a security awareness and training program.
- Conduct regular training sessions and workshops for employees at all levels to ensure a high level of security awareness and compliance.
- Provide high-quality information security guidance documentation and support to staff and stakeholders.
Incident Response Management:
- Investigate suspected and actual security incidents, produce reports with recommendations, and ensure remedial actions are taken.
- Collaborate with the IT team to respond promptly to security incidents and monitor alerts.
- Conduct incident response activities and participate in post-incident analysis to implement necessary security improvements.
Data Loss Prevention (DLP):
- Deploy and configure DLP tools to monitor and protect sensitive data.
- Define and implement DLP policies and conduct risk assessments to identify vulnerabilities.
- Monitor DLP alerts, investigate incidents, and recommend controls to mitigate data loss risks.
Security Projects and Change Management:
- Lead security projects from initiation to completion, ensuring delivery on time and within budget.
- Develop project plans, including timelines, milestones, and resource allocation, to ensure successful delivery of security projects.
- Review and approve IT changes, service requests, and workflows to ensure adherence to information security policies.
Collaboration and Stakeholder Management:
- Collaborate with external auditors, regulatory bodies, and industry groups to ensure the organization’s security measures are compliant with legal and regulatory requirements. Facilitate audits and assessments by providing necessary documentation and evidence of compliance.
- Foster strong relationships with internal teams, including Risk, Legal, Compliance, and Business Units, to promote a cohesive approach to information security. Provide security advice and support for initiatives across the organization, ensuring security considerations are integrated into all projects and processes.
- Collaborate with vendors and security service providers to evaluate, implement, and manage security solutions. Ensure third-party solutions align with the organization’s information security policies and standards.
Requirements:
Education:
- Bachelor’s degree in information security or a related field.
- Professional certifications required (CISSP, CISM, CDPO).
Technical Knowledge and Expertise:
- Understanding and practical experience with the Data Protection Act and related legislation.
- Working knowledge of information security standards (e.g., ISO/IEC 27001).
- Subject matter expertise in data protection laws and regulations (e.g., UAE Privacy Laws, GDPR).
Experience and Abilities:
- At least 5 years of work experience in Information Security.
- Ability to lead and deliver change, influence senior levels on security matters, and manage information risk.
- Strong verbal and written communication skills, with the ability to communicate effectively at all levels.
- Ability to manage time and priorities effectively, with a positive attitude towards continuous professional development.
Taaleem is committed to safeguarding and promoting the welfare of children. At Taaleem, we hold ourselves to a high standard of effective practices in relation to child protection and we are committed to safeguarding and promoting the welfare of children. We expect all staff to share this commitment. Successful applicants will be subject to various background checks, including receipt of high-quality references, proof of relevant qualifications, identification and police checks, including overseas checks.