ICT Information Security Lead – UAE NATIONAL

  • Full Time
  • United Arab Emirates
  • Attractive Salary AED / Month

Emirates Integrated Telecommunications Company, commercially rebranded as du in February 2007, is one of the two telecom operators in the United Arab Emirates.

Job Description

Job purpose

This position participates in building the ISRM ICT Security framework along with ISRM, other ICT stakeholders, other EITC stakeholders, etc., and ensures that new and existing NBI projects go through proper ISRM compliance, based on multiple security standards. It is considered the single point of contact for security and technical risks with the customer’s security team, and leads all customer security governance, compliance processes and security risk.

The job holder needs to ensure that an ISRM security risk assessment is in practice for all operational changes and incidents, and to direct security specialists to perform periodic risk assessments for the entire customer environment. Moreover, he needs to develop new policies as needed while maintaining existing security policies such as ISO 27001, ISO 27017 and other standards provided by local authorities. This position includes working with the Enterprise customer/Business team to contribute to the development and implementation of other components of an effective compliance program. This work is managerial in nature, requires coordination with ISRM and other units, and requires discussion and negotiation skills.

Key Accountabilities:

Operational risk management

  • Review operational requests for fulfillment and provide security approval or rejection
  • Review operational change requests and provide security approval or rejection
  • Review critical security incidents and recommend appropriate response
  • Review and approve major changes as part of CAB
  • Identification and communication of risks to management
  • Perform operational risk assessment of new systems, and ensure critical risks are mitigated.
  • Develop, maintain and own the organizational risk register.
  • Drive the periodic review of user access permissions
  • Ensure DevOps workflows, pipelines and processes are compliant with SDP security policies and the ISO 27001 standard
  • Review security exception requests and approve or reject.
  • Ensure identified risks are mitigated as per the organization’s risk appetite.

Security governance

  • Lead Information Security Governance Group (ISGG) monthly meetings and drive information security across internal teams.
  • Lead Information Security Task Force (ISTF) monthly meetings and drive information security across internal teams.
  • Set up yearly security objectives in alignment with business objectives, and ensure objectives are achieved.
  • Escalate unhandled security risks to SDP and SDG management and ICT management.
  • Develop, monitor and achieve KPIs for the continual improvement of information security across the organization.
  • Ownership of the annual security calendar and ensure planned activities, tasks and processes are completed on time.
  • Review and maintenance of 37 security policies
  • Review and maintenance of processes, registers, forms and standards
  • Compile the monthly security governance report
  • Ensure operational changes are compliant with SDP security policies
  • Ensure business continuity processes and adequate documentation are in place.
  • Ensure DR drills are conducted periodically to achieve RTO and RPO targets.
  • Develop policies to address emerging areas of risk or compliance.
  • Drive bi-annual Management Review Meeting (MRM) with senior management from SDP and SDG.

Compliance

  • Ensure all operational changes and requests across the NBI environment are compliant with DESC / ISO 27001 / SDG security requirements
  • Conduct mandatory security awareness training for internal and external team members during the onboarding process.
  • Ensure the employees assigned to the customer comply with customer security policies.

Security Certifications

  • Ensure Information Security Management System (ISMS) based on ISO 27001 is operating robustly.
  • Ensure that the security controls implemented as part of ISO 27001 are effective and operating as intended.
  • Implement ISO 27017 cloud security certification security controls
  • Co-ordinate with multiple team members to fulfill requirements of ISO 27017 certification.
  • Represent the organization during internal and external ISO 27001 audits
  • Ensure mitigation of findings identified during internal and external audits of ISO 27001.
  • Ensure all other certifications, such as PCI DSS, CSA STAR, etc., remain compliant for renewal.

Key Qualifications, experience, skills and competencies:

  • Bachelor's degree in Computer Science or Information Security.
  • Proven experience gathering requirements, analyzing needs and providing technical solutions to meet client needs.
  • Highly specialized skills such as experience in lead roles in security, privacy, risk, or compliance (ISO, CISO, privacy, risk or compliance officer, etc.).
  • Industry certifications, such as CISSP, CIPP or CISM, are an asset.
  • 10+ years’ experience designing and supporting security-based solutions, such as administering and/or engineering Identity Lifecycle Management, SIEM and other security-based technologies.
  • Demonstrated understanding of security operations principles and processes, security architecture, and core information security knowledge.
  • Must have a strong knowledge of security technologies and possess subject matter expertise within multiple IT and security sub-domains.
  • Understanding of new technologies and demand in the industry.
  • Demonstrated experience building client relationships and establishing the role of a trusted advisor; ability to lead clients through structured working sessions to facilitate inclusive discussions.
  • Proven ability to motivate, coach, and empower team members to deliver organizational goals, while delivering value back to employees.
  • Ability to demonstrate experience within a governance and quality role within a service provider setting
  • Demonstrable experience of implementing governance and quality improvements
  • Experience of setting targets and delivering tangible and sustainable results
  • Experience of Patient Safety and Risk Management involvement and the key considerations required to evidence effective governance
  • Experience of working with high performing teams and proactively managing performance, for example developing and implementing common systems and processes across teams
  • Experience of establishing effective governance and ensuring regulatory compliance
  • Demonstrable experience of developing productive partnerships, cross boundary working and working with stakeholders at all levels to achieve effective cross-system services
  • Good understanding of basic principles of human resources, IT systems, project management and quality improvement methodology

To apply for this job please visit fa-ewnx-saasfaprod1.fa.ocs.oraclecloud.com.