Sr. Information Security Analyst
  • Sharjah, United Arab Emirates
  • Dautom
Posted: 31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

About the job
Responsibilities
  • Responsible for the ongoing development and governance of policies and procedures relating to IT and IS risk management.
  • Ensure that all internal, external, service and regulatory Information Security (IS) audits are passed.
  • Confirm and maintain security policy documentation.
  • Engage with management to ensure support for the IS program.
  • Coordinate with vendors, auditors and other departments to enhance IS.
  • Design, develop and manage an IS awareness program.
  • Review Business Requirement Documents (BRDs) from an IT compliance and information security perspective and provide input at the early stages.
  • Conduct periodic technical vulnerability assessments and penetration testing, or as and when requested by business system owners.
  • Integrate IS requirements into organisational processes, e.g. change control, mergers and acquisitions, and lifecycle activities.
  • Consult on and/or develop remediation plans across all operational areas of IT (i.e. Security, Disaster Recovery, Change Management, IT Operations, etc.).
  • Conduct a risk assessment of every new application and publish a Residual Risk Report (as per the Risk Management framework) to the Project Owner prior to go-live.
  • Perform any other tasks assigned by the line manager or senior management.
  • Comply with and adhere to HR laws, confidentiality policies and other applicable policies.


Preferred Skills
  • Good communication and presentation skills.
  • Ability to understand complex business processes and activities.
  • Flexible work approach based on the job requirements.
  • Ability to self-organise their time and meet deadlines.


Qualifications
  • Bachelor's degree in information security, information technology or a related technical discipline.
  • Certification such as CISA, CIPP, CEH, CISM, CISSP or ISO/IEC 27001 Lead Implementer is an added advantage.
  • Experience in the implementation of management systems, risk assessment, information classification, security awareness and compliance.
  • Expertise in one or more of the following areas: Security Governance, Incident Response, Security Operations, Threat Intel, Cloud Security, Architecture, Data Protection, Network Security, Endpoint Security, IAM.
  • Experience in implementing, and skills in, at least two of the following standards: ISO/IEC 27001, ISO 22301, PCI DSS, ISO/IEC 20000-1, UAE IA, ISR.
  • Understanding of information security concepts and the implementation requirements of management systems, risk assessment, data protection and security awareness.


Additional Notes
  • Experience required in the field: minimum 5 years, of which at least 3 years should be in information security.

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0003   Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0008   Knowledge of applicable business processes and operations of customer organizations.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0126   Knowledge of Supply Chain Risk Management practices (NIST SP 800-161).
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0624   Knowledge of application security risks (e.g., Open Web Application Security Project Top 10 list).

Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.

Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes) for critical system elements.