Senior Security Officer
  • United Arab Emirates Abu Dhabi
  • nx Digital Technology
1 year before
31.01.2024
Securely Provision
Risk Management
Job Description

About the job

Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
Work directly with the business units to facilitate risk assessment and risk management processes
Develop and enhance an information security management framework
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services
Provide leadership to the enterprise’s information security organization
Partner with business stakeholders across the company to raise awareness of risk management concerns
Assist with overall business technology planning, providing current knowledge and a future vision of technology and systems
Antivirus, Anti Malware, Anti Ransomware Protection
Management of the OS Process and log files including security logs

Requirements

Bachelor’s degree in equivalent field
Over 9+ years of experience in Development, Implementation and Testing of Web
Intermediate knowledge in network fields

Required Certification

CISSP, CISA, ISO27001 certifications



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0624   Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
  • K0066   Knowledge of Privacy Impact Assessments.
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0264   Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
  • K0487   Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
  • K0065   Knowledge of policy-based and risk adaptive access controls.
  • K0297   Knowledge of countermeasure design for identified security risks.

Required Skills
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • S0006   Skill in applying confidentiality, integrity, and availability principles.
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0171   Skill in performing impact/risk assessments.
  • S0271   Skill in reviewing and editing assessment products.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0111  Ability to work across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives.
  • A0023  Ability to design valid and reliable assessments.
  • A0115  Ability to work across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives.