IT Risk Manager-UAE National Only
  • United Arab Emirates Dubai
  • The Emirates Group
1 year before
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Job Purpose: Develop and maintain the IT Risk Framework, provide reporting and risk metrics of the risk management activity, and maintain the IT Risk Register, with a focus on CyberSecurity risk, Third party risk, Operational risk and Project & Programme risk. Conduct regular risk assessments and report the result to Management. Act as an enabler for the business and strengthen our IT risk framework to support Management decision making.

Job Outline:
- Define and develop a risk management framework to effectively assess and manage all IT risks that could potentially impact the goals of Emirates IT. The framework should be based on industry standards and industry best-practices.
- Develop a risk assessment methodology within the framework such that all IT risks are identified, assessed based on likelihood and impact, recorded, prioritised, mitigated and communicated to stakeholders.
- Assess current levels of risks within the Emirates IT environment on an on-going basis in accordance with the implemented framework. Ensure that the mitigation plan and the responsibility for mitigation are agreed for all the identified security risks with the risk owner.
- Maintain the IT Risk Register to effectively record, communicate and track the progress of mitigation of the risks.
- Co-ordinate with risk owners and manage all the identified risks through their life-cycle from identification to immediate containment to resolution to verification to closure through the IT Risk Register. Provide appropriate reports on the risk status to the Management.
- Provide regular support to the CyberSecurity teams on security and risks in projects.
- Train IT staff on the Risk Management methodology and usage of the IT Risk Register.
- Keep abreast of new and emerging risks within the IT environment and disseminate the relevant information to all concerned and ensure immediate containment actions are initiated.
- Develop Key Risk Indicators to assess the CyberSecurity risk posture of business areas, automate the process and provide regular updates to the business.
- Provide Management regular updates on the Top 10 risks of Emirates IT.
- Utilise opportunities to develop direct reports, establishing clear objectives and supporting them through training, and/or leading projects and initiatives that meet their development plans. Mentor, coach and provide feedback to support their development to cultivate a high performance culture which aligns with the future capability needs of IT.
Qualifications & Experience:
- IT Security: 8+ Years
- Degree or Honours (12+3 or equivalent): Degree in an IT related subject
- Experience in IT risk management and CyberSecurity

Knowledge/skills:
- International Standards such as NIST, ISO31000, ISO27001, PCI-DSS, ITIL, COBIT, Cyber Security standards, etc.
- Highly effective communication skills with written and oral fluency in English

Leadership Role: Yes
Safety Sensitive Role: No
Salary & Benefits: Join us in a management role and enjoy an attractive tax-free salary. On top of our generous travel benefits, including discounted flights and hotel stays around the world, this managerial role also has an excellent leave and healthcare package. That’s on top of transport benefits, life insurance and more.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0090   Knowledge of system life cycle management principles, including software security and usability.
  • K0121   Knowledge of information security program management and project management principles and techniques.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Required Abilities
  • A0165  Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.