Lead, Cyber Security Assurance - UAE National

About This Role

Job Summary: To lead and deliver all aspects of Cyber assurance and vulnerability management (OT and IT) by analyzing, assessing and prioritizing daily threat assessment briefings, recommend remediation strategies for vulnerabilities identified through evaluations and enhance the security controls and Cyber Security Assurance frameworks throughout TAQA Group.

General Responsibilities:

• Strategy and Planning

▪ Implement the organizational strategy in line with business vision, mission, and corporate objectives; as well as the group delegation of authority policy.

▪ Ensure that the overall business strategy is translated into annual operational business plans and the performance is monitored to ensure business plans are in line with the overall growth plan.

• Policy, Procedures, Process and Systems

▪ Implement policy, systems, processes, procedures and controls covering all functional areas in line with group delegation of authority policy to ensure fulfillment of all relevant procedural/ legislative requirements while consistently delivering quality and cost-effective service.

• Reporting

▪ Ensure all divisional reports are completed timely and comply with HQ and business policies and standards.

▪ Manage the preparation of periodical management reports and progress reports to keep the senior management informed about the progress of various initiatives and to facilitate decision-making.

▪ Comply with organization requirements in a timely manner.

Job Specific Responsibilities:

▪ Provide technical expertise and support in the design, deployment, and monitoring of security architecture for enterprise infrastructure so that sensitive data and critical infrastructure systems are protected.

▪ Identify, develop and integrate effective vulnerability management tools, processes, and capabilities across TAQA's systems, networks, and applications. Coordinate with IT and OT security teams to ensure timely remediation of identified vulnerabilities, tracking progress, and verifying successful resolution.

▪ Perform necessary testing on critical SOS environments and applications in collaboration with the cybersecurity team to ensure security and mitigate risks.

▪ Utilize attack surface modeling tools and techniques to identify vulnerabilities, conduct and monitor daily threat assessment briefings and facilitate effective implementation of scrum frameworks within the team.

▪ Execution of vulnerability assessments tools and configuration compliance programs across on-prem and cloud environments and assess findings to implement improvement initiatives.

▪ Perform risk assessments to determine the potential impact of identified vulnerabilities on the organization's assets, operations, and reputation so that appropriate measures can be taken to address and mitigate those risks. Gather information from different sources to assess the security risk, analyze threats and vulnerability feeds, security tools and intelligence sources.

▪ Provide actionable recommendations for risk mitigation and control enhancement based on vulnerability assessment findings.

▪ Lead the system administration responsibilities for core Cyber Assurance systems and manage effective operations of such systems to identify and address potential disruptions.

▪ Develop and maintain incident response procedures for addressing critical vulnerabilities and security incidents and provide expertise and support to resolve security incidents promptly.

▪ Manage timely identification of potential security threats and raise escalations to Security Incident Response team for timely resolution and avoid recurrence.

▪ Manage effective coordination with internal stakeholders during the investigation process to assess root causes of security incidents and recommend accurate solutions.

▪ Suggest and implement process improvement initiatives across multiple detection sets in order to drive improved and seamless operations.

▪ Generate detailed Cyber Assurance reports and metrics on vulnerability trends, risk exposure, and remediation efforts for senior management and stakeholders to facilitate informed decision-making and risk management.

▪ Deliver knowledge sessions on advanced threats, continuous vulnerability assessment, effective responses and mitigation strategies used in cybersecurity operations to enhance cybersecurity awareness and preparedness.

▪ Stay abreast of industry regulations, standards, and best practices related to vulnerability management, ensuring compliance with relevant requirements.

These responsibilities are representative and the role holder is also responsible for any other job assigned by the superior authorities from time to time.

Essential Requirements

• Bachelor’s degree in Engineering, Computer Science, Information Systems or equivalent

• 8 years of experience in IT, cybersecurity or similar role

Preferred Requirements

• Master’s degree in Engineering, Computer Science, Information Systems or equivalent

• Certified in one of the following: CISSP, GREM, CSAP, OSCP, CYSA+, SAN/ GIAC

• 10+ years of experience in IT, cybersecurity or similar role