Manager - Information Security

ADGMUnited Arab Emirates1 day ago

Full-timeInformation Technology

Track This Job

Add this job to your tracking list to:

Monitor application status and updates
Change status (Applied, Interview, Offer, etc.)
Add personal notes and comments
Set reminders for follow-ups
Track your entire application journey

Save This Job

Add this job to your saved collection to:

Access easily from your saved jobs dashboard
Review job details later without searching again
Compare with other saved opportunities
Keep a collection of interesting positions
Receive notifications about saved jobs before they expire

AI-Powered Job Summary

Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.

Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.

Job Description

Job Summary: The objective of this senior subject matter expert focus on the day-to-day operations of the operations that provides threat detection, event monitoring, incident triage, incident handling, incident responses, recovery services, cyber hunting, and forensic and malware analysis functionality across all served network environment. This role shall ensure alignment and achieve the objective of the establishment enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected in a risk driven approach based on the ADGM Enterprise Risk management framework. The role will be responsible for all matters related to Enterprise information security operations with direct impacts to strategies, policies, processes, standards & related activities. This role shall oversee the Information Security activities and its associated cyber security operations across ADGM and its subsidiaries as well as ensure resiliency and readiness of ADGM businesses performing and overseeing security assurance assessments.

Core Accountabilities:

Accountable for alignment of security risk management to ensure digital empowerment & agility in a secure manner.
Assure ADGM's management & businesses on predictive cyber and information security risks to make key decisions, thereby ensuring secure & resilient investments to achieve their intended business objectives.
Conduct and manage periodic compromise assessments across selected networks and propose recommendations based on assessment results
Ensure appropriate information privacy, intellectual rights, confidentiality, integrity & availability controls are effectively implemented in ADGM.
Ensure that ADGM GRC objectives are achieved & are effectively implemented, practised and assisted within ADGM.
Ensure and oversee that appropriate information governance and management policies and practices are implemented and practised across digital services.
Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus, Threat Intelligence Providers) to maintain updated of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
Foster security best practices and internal controls across ADGM to minimise the exposure to digital and cyber risk.
Ensure that ADGM applicable regulatory compliances are achieved & effectively managed within ADGM.
Govern and assure the Cyber Security Operations are well managed, in collaboration with the ADGM IT Security and Operations department.
Assure business resiliency and readiness to safely thrive through any disastrous events across the organisation or region.
Ensure the function's performance is measured on a periodic basis as well as ensure objectives are achieved.
Ensure ADGM digital transformation has strategically designed security & resiliency domain-driven based on the overall business and cyber risks.
Ensure ADGM cloud strategy by establishing required security measures to accommodate the cloud cybersecurity risks & policies supporting secure operating model.
Provides cybersecurity recommendations based on significant threats and vulnerabilities.
Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operational Plans.
Ensure crisis communication plans are adequately implemented across security operations.
This role shall ensure the Digital and Cloud Infrastructure Architecture are secured and monitored consistently.
Oversee cloud and organisation related projects to ensure appropriate usage of security tools and security methodologies, controls are in place to reduce risk exposure.

Operational responsibilities:

Establish an integrated & business-centric strategy & program plan for security management, risk management and resiliency management across ADGM.
Ensure appropriate security controls protection of business valued and classified ADGM information by protecting the privacy, IPR rights, Confidentiality, Integrity and availability in its entirety across ADGM and its subsidiaries.
Perform and oversee the threat management, threat modelling, identify threat vectors and develop use cases for security monitoring.
Review and endorse the robust Information Security management policies & relevant controls are development & implementation supporting ADGM business activities.
Ensure the security concepts such as cyber-attacks and techniques, threat vectors, risk and threat management, incident management etc. are implemented appropriately
Ensure that risk management activities are insight-driven, business-focused to proactively identify the business, security and cyber risks across the organisation.
Proactively communication risks to line manager and other stakeholders with the objective to strengthen the ADGM's risk culture and responsiveness to change
Ensure proactive identification of the Information security and Cybersecurity risk across strategy, operations as well as tactical levels.
Ensure that appropriate and meaningful KPI's, KCI's and KRI's are established
Establish and ensure accuracy of reports, dashboards and metrics for security operations are available to senior leadership.
Ensure that appropriate metrics providing consistent business-centric results are established for periodic presentation to management.
Ensure consistent management of the threat intelligence and modelling in accordance with the ADGM Digital Infrastructure and Business Services.
Ensure that major threats and strategic risks, reputational risks, and interconnected risks with information security and cyber security risks are managed appropriately.
Assist ADGM in adopting new technologies with a true understanding of their risks as well as their possibilities.
Establish the appropriate security road map based on the approved security strategy.
Ensure that appropriate internal controls are effectively implemented in ADGM.
Ensure participation to support security awareness program reducing digital and cyber risk posed by ADGM users.
Ensure appropriate and rigorous governance is established & implemented for the strategic and classified information across ADGM digital infrastructure and especially acquired cloud services.
Oversee and endorse the identity and access management practices across ADGM to mitigate the risks as well as in compliance with the regulatory requirements.
Ensure appropriate support and assurance for the successful execution of the security, risk and resiliency audits by internal and external auditors.
Responsible for developing and ensuring ADGM Cloud Architecture is in accordance with the Information Security best practices considering all the required security controls.
Responsible for developing and ensuring that multi-layer security controls aligned with the defence-in-depth strategy, frameworks and blue prints as well as Information Security Policy.
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.
Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
Ensure Information Security Policies, Processes, Run-books, SOP, etc. Are developed, reviewed and maintained regularly.
Ensure System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code, Controls are in implemented and tested to reduce risk posture.
Ensure Information Security Incident Response strategy, plan and procedure are developed, reviewed, maintained and practised in accordance with best practice.
Ensure Information Security Solutions are maintained, updated and operated effectively and efficiently with required security assurance and trust levels.

Business Continuity Responsibilities

Actively support the business continuity responsibilities assigned to ADGM Users for successful resilient business process and activities.

Managerial:

Manages team with full accountability for achieving overall agreed objectives
Creates an environment where team members consistently drive to improve performance
Manages by effectively empowering team members
Takes responsibility for mentoring high potential and most critical talent in their career progression
Reviews performance of the team and addresses performance issues quickly through clear decisions

Information Security related:

Understand, adapt, adhere and practice responsibilities or controls as per ADGM Information Security policy and best practices explained in the induction and awareness sessions.
Confidentiality, integrity and availability of the ADGM Information shall be maintained at all times

Job Qualifications & Experience:

10+ years of experience in managing the Enterprise-wide Information Security and Risk Management & 3+ years of relevant experience in business management.
Bachelors in Information technology, computer science or related fields.
Experience and knowledge of a broad range of standards, frameworks and the required controls families such as Risk Mgmt. Controls, Cloud Security Controls, Fintech Security, Data Analytics, etc
Experience and knowledge in International recognised Industry related certification requirements such as ISO27001, ISO20000, ISO22301, ISO31000, ISO 27032, ISO27017, PCI DSS, etc.
Extensive knowledge & proven experience in articulating complex enterprise-wide Governance, Risk and Compliance mgmt. Strategy & policies from an Information Security perspective.
Experience in converting complex strategy and policies statements into Internal and technical controls applicable across the organisation.
Experience in establishing, assessing and optimising of the IT and Information Security Governance Frameworks and Model.
Sound knowledge of different information-related risks at the enterprise, strategic, operational, cyber & IT domain levels.
Well-versed in all Enterprise Risk Management-versed areas in all Enterprise Risk Management areas, including the risk identification, remediation, & periodic monitoring.
Knowledge of common risk management methodologies — for example, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management
Information Security Risks impacts and solid understanding of project management principles.
Ability to translate understanding of the organisation’s goals and objectives into compliance requirements.

Key Skills

Ranked by relevance

Ready to apply?

Join ADGM and take your career to the next level!

Application takes less than 5 minutes

Apply