Senior Director Information Security

As a Senior Director Information Security, you will be part of the information Security Team and responsible for the management, implementation and monitoring of secure IT systems and processes in accordance with the ISMS best practices and approved Enterprise Architecture, IT Strategy and Information Security Policy. You will also be responsible for the planning and development of the overall security culture and operations for the organization and for managing and reporting the information security project and posture updates to the stakeholders and senior management, develop and report the information security key performance indicators and oversite the information security audits.

Leadership and Team Management:

• Foster a culture of security by design, innovation, collaboration, and continuous improvement within IT and Security operations.
• Provide direction and leadership to the information security operations team.
• Recruit, mentor, and train security professionals to build a high-performing team and manage their performance and KPIs.
• Prepare and present regular security reports to executive leadership, highlighting key metrics, incidents, and trends.
• Manage the security budget and resources effectively.
• Stay up-to-date on the latest security threats and trends and design security programs to mitigate threats before they become real problems.

Information Security Operations Management:

• Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
• Develop and implement operational procedures, workflows, and best practices to ensure effective cybersecurity incident detection, response, and remediation.
• Lead and coordinate incident response efforts, including forensic analysis and reporting as per the company policy ensuring determination of root causes and recommendation of corrective actions.
• Coordinate with internal teams and external partners to investigate and resolve security incidents in a timely manner.

Security Infrastructure Management:

• Determine and implement the key controls and requirements to prevent data breaches, theft, malware, and other threats to an organization’s assets, as well as colleague and client information.
• Review and approve architecture, flow, and connectivity designs from a security perspective.
• Oversee the configuration and maintenance of security technologies, including firewalls, intrusion detection/prevention systems, antivirus, antimalware, DLP, NAC, endpoint security cloud security and threat intelligence platforms.
• Evaluate and recommend new security solutions and technologies to enhance the organization's security posture.
• Conduct regular security assessments and vulnerability scans and manage the overall threat and risk exposure of the organization to an acceptable level. All in compliance with the corporate security policy, legal, compliance or regulatory requirements making sure remediation of all reported security vulnerabilities are implemented within a pre-agreed timeframe

Security Policy and Compliance:

• Develop, implement, and enforce security policies, standards, and procedures in accordance with industry best practices and regulatory requirements.
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Ensure compliance with relevant cybersecurity regulations, frameworks, and standards (e.g., PCI DSS, GDPR, NIST, ISO 27001, NESA-IAS).
• Collaborate with internal audit and compliance teams to conduct security assessments and audits.

Incident Response and Crisis Management:

• Lead the organization's incident response efforts during cybersecurity incidents, including coordinating response activities, communicating with stakeholders, managing recovery efforts.
• Develop and maintain incident response plans, playbooks, and communication protocols.
• Conduct post-incident reviews and analysis to identify lessons learned and areas for improvement.

Security Awareness and Training:

• Develop and deliver cybersecurity awareness training programs for employees to promote security awareness and best practices.
• Collaborate with HR and training teams to ensure all employees receive regular cybersecurity training and education.

Collaboration:

• Manage security audits and vulnerability and threat assessments, and directing responses to concerned team members.
• Manage technology risk management process for the assessment and mitigation of any information security risk in the ecosystem consisting of, business operations, vendors, consumers and other third parties.
• Collaborate with other departments to integrate security measures into overall business processes as required.
• Work closely with other IT teams to ensure a secure design and deployment of new technologies is in place.
• Help all employees to clearly understand why certain policies are in place, as well as helping to train them in information security.

To be considered for this role, you will need to have:

• Bachelor’s degree in Information Security, computer science or related field is the minimum requirements for this position
• Industry Certification (CISSP, CISM) certification and/or equivalent certificates is minimum requirements
• Lead implementer/auditor ISO27001 and/or equivalent certificate
• Lead on PCI DSS compliance and payment solutions
• Minimum 15 years in Security Operations role
• Solid understanding of Information Security operations activities and security governance
• Hands on experience with Information Security Operations solutions, best practices and frameworks.
• Strong background in Information Technology and Security Operations
• Excellent leadership, communication, analytical and problem solving skills
• Experience in enterprise backup and disaster recovery solutions
• Sound knowledge and understanding of application security requirements and controls
• Experience on the technology risk management and documentation
• Hands on experience on vulnerability management solutions
• Hands on experience on application firewalls
• Knowledge of PCI, ISO and UAE Security Regulations (Consumer and Data)
• Experience with SOC, security incident response and forensics

Desirable:

• MBA
• ITIL certified
• Project Management (Waterfall and Agile) Certification
• 5+ years' experience of managing Data Security
• Knowledge of GDPR and other international security related guidelines and regulations
• Offensive security mindset, knowledge, and experience