Cyber Security Manager (Emiratisation Talent Pool)

Job Purpose:

Implement a comprehensive EKFC Information Security working with senior Management that covers Security Policy, Risk identification and Mitigation of Information security controls across all new and existing IT Services to ensure SLAs are met, GRC process followed.

Key Result Areas:

1. Root Cause Analysis of IT Security Incidents and identify improvements to prevent its re-occurrence

2. Communicate impact during Major incidents with relevant parties including Incident reports & Risk mitigation steps

3. Collaborate with EKFC IT Security stakeholders on security policies, Risks and ensure controls in place

4. Identify, protect and respond to Incidents and work with 3rd party partners, Eg : Security Operation Centre, to Proactively monitor and deliver appropriate & quick remediation for Incidents

5. Be an information security expert and work with stakeholders to provide advice on requirements for security controls

6. Work with EKFC IT team to ensure IT Services/projects both New and existing, follow strict IT Security guidelines

7. Deliver on KPI’s of IT Security at EKFC including security metrics, monitoring parameters and reporting requirements

8. Reduce IT operational risks to an acceptable level by identifying and classifying risks, defining and implementing mitigation and corrective actions where required

9. Implement regular plan for vulnerability assessments, penetration tests, technical risk assessments and compliance reviews on EKFC IT infrastructure

10. Ensure any security weaknesses and risks are managed through their life cycle from identification to closure and provide appropriate visibility of same to Management.

Knowledge, Skills & Minimum Experience:

Education Qualification:

a. BE or bachelor’s degree in computer science, Math's etc.

b. Certifications in Cyber security/ IT Security / Risk - CISSP, CISM, CISA, GIAC, CEH, CRISC etc.

c. ITIL, AGILE/PMP, COBIT certification (Preferred)

Work Experience:

d. Minimum 8 years of IT Experience with extensive focus on IT Security

e. Mandatory 4 years’ experience in IT Security covering IT Audit, IT Risk and Cybersecurity

f. Must have worked in Information Security/Risk in a Global organisation with Complex/Hybrid IT Environment

g. Strong knowledge of IT Infrastructure – both On Premise and Cloud, BYOD, Application development etc.

h. Must have followed IT GRC Methodologies Skills:

I. Strong problem solving, analytical and time management skills

j. Security Frameworks - ISO2700130000/CIS Critical security controls, NESA etc.

k. Vulnerability Assessment and Penetration Testing (VAPT)

l. IT Security/Cybersecurity

m. ITSM and COBIT skills

n. Strong Interpersonal, Communication & Leadership skills.