Information Security Manager

ARENGY is a Digital and Cybersecurity Consulting Company operating in the Middle East from Dubai. Our customers are the most successful industry leaders executing projects around the globe. We are partnering with one of the leading Banking & Insurance Company in Dubai. We are looking for an Information Security Manager.

Job Description

The Information Security Manager will manage the overall information security risk, operations and governance functions ensuring optimal management of the security operations center and security incidents. He/She will govern the pentest, vulnerability management, policy compliance and third-party risks assurance activities proper execution and timely remediation of the identified risks and vulnerabilities through reporting and escalation. Additionally, he/she will provide consultative support from information security perspective to IT, Business and External stakeholders.

Key Responsibilities

• Support the Regional CSO and the Senior Information Security Manager in the definition of the Cyber Defense Strategy.
• Define policy, process frameworks, or/and update them periodically.
• Manage the security tools – vulnerability scanner, policy compliance, source code scanner, cloud security monitoring tools.
• Define or/and update the security KPI, KRI dashboard for presenting to various internal and external committees and maintain them in collaboration with IT Operations and Platform Owners within the acceptable thresholds.
• Govern the deliverables of SOC and maintain the KPI in check.
• Guide the Security Analysts in alerts and investigations as needed mentor the team.
• Ensure the SOC monitors all operations and infrastructure from a Security perspective.
• Support the Senior Manager on areas of risk management, especially around 3rd party risk assurance and assessment functions.
• Respect the annual budget defined for his activities and projects.
• Ensure the achievement of the annual IS Targets (KPIs) agreed.
• Lead the implementation of complex projects related to Information Security and Cyber Defense.
• Collaborate in strategic deliverables on improving protection around crown jewels through data loss prevention and identity and access management program across the organization.
• Ensure compliance with legal and regulatory requirements for Cyber Defense and SOC, adopting the necessary measures according to the local environment.
• Supporting and actively collaborating in other IT initiatives, key transformation projects.
• Work closely with Platform Owners, Architecture team and IT Operations to define Security by Design and Privacy by Design approach from the beginning of the projects.
• Lead and manage all Cyber Defense Governance (Committees, guidelines, correspondents, etc.).
  
  

Operational & technical responsibilities

• Logical structure thought processing to find sound solutions,
• Drive teams for successful outcomes,
• Design formal Project plans and present to key stakeholders,
• Able to manage transversal teams and project concepts succinctly and concisely,
• Able to focus self and team under pressure for long periods, prioritize important tasks and adhere to tight timelines.
  
  

Essential

Profile / Requirements :

• Positive attitude and problem-solving mindset
• Supporting organizations best interest first
• Strategic thinking
• Expert knowledge on information and data security
• Seasoned on both Offensive and Defensive Security.
• Strong knowledge concerning Information Technology (Applications, Architectures, Networking, Infrastructures, etc.)
• Good "Timekeeper"
• Open minded to international environment
• Management and leadership skills.
• Team player.
• Good interpersonal relationship and communication skills.
• Excellent English written and spoken communication skills.
• Able to work independently under minimum supervision.
• Ability to make a positive impact in the organization.
• At least a bachelor's degree in computer science or cybersecurity streams
• International Information Security Standards (ISO 27001, CIS, NIST, etc.)
  
  

Desirable

• CISSP, OSCP, GPEN, GCIH, like well recognized certification(s).
• Not mandatory but an advantage on having any cloud specialization like –
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security – Specialty
• Good knowledge of local laws and regulations with impact in Cybersecurity