CISO - Chief Information Security Officer
  • United Arab Emirates Dubai
  • Help AG
1 year before
31.01.2024
Oversee and Govern
Cybersecurity Management
Job Description

Dubai
Help AG is looking for a Senior Security Professional acting in the role of CISO for a reputable customer of Help AG. He will play a critical role in developing and executing the organization's information security strategy and be responsible for ensuring the confidentiality, integrity, and availability of the organization's information assets and managing risks associated with information security.

Responsibilities:

• Information Security Strategy: Develop and implement an information security strategy aligned with the organization's goals, industry best practices, and regulatory requirements. Continuously assess the security landscape and emerging threats to enhance the security posture.
• Managed Security Service Provider (MSSP) Partnership: Collaborate with MSSPs to design, implement, and manage security controls and technologies. Monitor the effectiveness of the MSSP services and ensure compliance with service level agreements (SLAs).
• Governance, Risk, and Compliance (GRC): Establish and maintain a robust GRC framework to manage risks and compliance requirements. Conduct risk assessments, develop risk mitigation strategies, and oversee the implementation of security controls to protect the organization's assets.
• Security Operations: Lead and manage the security operations team responsible for monitoring, detecting, and responding to security incidents. Develop incident response plans, conduct regular drills, and coordinate with relevant stakeholders to ensure timely and effective incident response.
• Security Architecture and Engineering: Collaborate with IT teams to design and implement secure network architectures, systems, and applications. Ensure security requirements are incorporated throughout the development lifecycle and perform security reviews of third-party solutions.
• Security Awareness and Training: Develop and deliver security awareness programs to educate employees about security best practices, policies, and procedures. Foster a culture of security awareness and compliance across the organization.
• Compliance and Regulatory Requirements: Stay abreast of applicable laws, regulations, and industry standards related to information security. Ensure the organization's compliance with relevant requirements and manage security audits and assessments.
• Incident Response and Forensics: Oversee the investigation of security incidents, conduct root cause analysis, and implement corrective actions. Maintain strong relationships with law enforcement agencies, legal counsel, and external incident response resources.
• Security Metrics and Reporting: Define key performance indicators (KPIs) and metrics to measure the effectiveness of the information security program. Provide regular reports and updates to senior management and board members on the organization's security posture and risks.

Qualifications & Skills

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Relevant industry certifications such as CISSP, CISM, CRISC, or equivalent.
• Proven experience in information security, including roles in MSSP and GRC.
• Strong understanding of security technologies, network protocols, and infrastructure.
• Deep knowledge of security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and GDPR.
• Familiarity with risk assessment methodologies and regulatory compliance requirements.
• Experience in incident response, security operations, and security architecture.
• Excellent leadership and communication skills with the ability to collaborate effectively with cross-functional teams and senior executives.

Benefits

• Career progression and growth through challenging projects and work.
• Employee engagement and wellness campaign activities throughout the year.
• Annual flight tickets to your home country.
• Excellent learning and development opportunities.
• Inclusive and diverse working environment.
• Flexible/Hybrid working environment.
• Open door policy.

About Us

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity.

With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0147   Knowledge of emerging security issues, risks, and vulnerabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0121   Knowledge of information security program management and project management principles and techniques.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
  • K0248   Knowledge of strategic theory and practice.
  • K0047   Knowledge of information technology (IT) architectural concepts and frameworks.

Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Required Abilities
  • A0163  Ability to interpret Communications Security (COMSEC) terminology, guidelines and procedures.
  • A0165  Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.