Infosec and Threat Assessment Manager
  • United Arab Emirates Dubai
  • Emirates NBD
1 year before
31.12.2023
Protect and Defend
Vulnerability Assessment and Management
Job Description

Department Description:
The formation of the Group Information Security function is to ensure EmiratesNBD information and data is resilient against external and internal security threats embed information security mindset as a core element of organization business strategy and provide an independent objective view of EmiratesNBD Security posture to the management committees The unit exists to provide secure banking environment for our customer and employees
Brief Description:
The formation of the Group Information Security function is to ensure EmiratesNBD information and data is resilient against external and internal security threats embed information security mindset as a core element of organization business strategy and provide an independent objective view of EmiratesNBD Security posture to the management committees The unit exists to provide secure banking environment for our customer and employees
Detailed Description:
The Infosec and Threat Assessment Manager will conduct testing for Emirates NBD infosec assets through focused threat based methodologies to identify expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance
Develop manage and maintain the Security Assessment program as part of the Threat and ComplianceTCM Charter and associated operating procedures based on the requirements of Emirates NBD policy audit compliance and regulatory requirements
Job Requirements:
Assess the security and compliance of infrastructure and application technologies by them for weaknesses in order to protect customers and employees from attacks
Enhancement of the TCM Charter
Development and Execution of the Security Assessment Portfolio Program
Development and Execution of the Threat Modelling framework
Interact with Group IT leadership to ensure that assessment activities are planned published and scheduled
Organize and participate in governance forums to present threats associated vulnerabilities and compliance posture of the information assets of the bank
Act as a security ninja and advisor to internal teams to advise known methods of breaking and bypassing controls
Participate inPurple Teaming exercises with defense teams
Operationalizing the threat modelling framework to be utilized for the Security Assessment program
Manage the portfolio of security assessment services
Proficient in industry best practices in threat and vulnerability management analytical and correlation tools
Be accountable and responsible when conducting security assessments in a controlled manner that do not cause business impacts
Additional Details:
Education General Professional
Bachelors or Masters degree in Computer Science Mathematics or equivalent discipline
Masters Degree in Business Management or equivalent
Certifications such as CISSP OSCP OSCE CREST
Certifications such as GPEN SANS GWAPT

Qualifications
AS Mentioned in the JD
Primary Location: United Arab Emirates-Dubai-Dubai - Nadd Al Shiba, Meydan, Building M
Job: Professional Support
Organization: Group Information Security
Schedule: Regular
Shift: Standard
Job Type: Full-time
Day Job

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0161   Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • K0162   Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • K0344   Knowledge of an organization’s threat environment.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
Required Skills
  • S0009   WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)
  • S0137   Skill in conducting application vulnerability assessments.
  • S0171   Skill in performing impact/risk assessments.
  • S0364   Skill to develop insights about the context of an organization’s threat environment
Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0120  Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.