Manager - Cyber Security

Section I: Job Purpose

Cybersecurity Strategy & Governance

• :
• Lead the development, execution, and continuous evolution of the organization’s cybersecurity strategy and governance framework, ensuring strong alignment with business priorities and regulatory expectations.
• Define, implement, and regularly update a comprehensive cybersecurity strategy and multi-year roadmap that supports organizational growth and digital transformation initiatives.
• Align security programs and investments with business objectives, risk appetite, and emerging technology trends.
• Establish and maintain a robust cybersecurity governance framework, including policies, standards, procedures, and control mechanisms in line with international best practices and local regulations.
• Design and oversee the enterprise security architecture, ensuring scalability, resilience, and integration across all platforms, systems, and applications.
• Develop and enforce security policies covering areas such as data protection, access control, cloud security, and third-party risk management.
• Drive security-by-design principles across all IT and business projects to ensure early integration of cybersecurity controls.
• Provide strategic direction on security technologies, tools, and platforms to support long-term organizational needs.
• Monitor and report on the organization’s cybersecurity posture, key risk indicators, and compliance status.
• Present regular updates, risk insights, and strategic recommendations to executive leadership and relevant governance committees.
• Foster a culture of cybersecurity awareness and accountability across the organization through leadership engagement and governance initiatives.

Security Operations & Threat Management

• Lead and manage day-to-day operations of the Security Operations Center (SOC), ensuring effective monitoring and incident response.
• Establish and enhance continuous monitoring capabilities, including advanced threat detection and security analytics.
• Oversee threat intelligence, proactive threat hunting, and vulnerability management initiatives to strengthen the organization’s security posture.
• Direct the investigation of major cybersecurity incidents, including digital forensics and root cause analysis.
• Ensure timely response, containment, and recovery from cyber threats and security breaches.

Security Architecture & Zero Trust Implementation

• Design, implement, and continuously enhance a Zero Trust security architecture across identity, network, endpoints, applications, and data environments.
• Define and enforce secure architecture standards across cloud, hybrid, and on-premises infrastructure.
• Lead the deployment, integration, and optimization of key cybersecurity technologies, including:
• Security Information and Event Management (SIEM) and security monitoring solutions
• Endpoint Detection and Response (EDR/XDR) platforms.
• Identity and Access Management (IAM) systems.
• Privileged Access Management (PAM) solutions.
• Data Loss Prevention (DLP) tools.
• Vulnerability assessment and patch management programs.
• Cloud Security Posture Management (CSPM) solutions
• Ensure alignment of security architecture with business objectives, regulatory requirements, and industry best practices.

Smart City Cybersecurity Governance & Strategy

• Lead the development and implementation of a comprehensive cybersecurity framework for smart city initiatives.
• Establish and oversee cybersecurity policies, standards, and procedures tailored to smart city environments.
• Define and drive the Smart City Cybersecurity Strategy, including standards and a 5-year strategic roadmap.
• Develop and enforce OT/IoT security standards, including secure device onboarding and lifecycle management.
• Design and maintain smart city threat models and risk registers to proactively identify and mitigate risks.
• Establish and manage incident response plans for city-wide digital services and critical infrastructure.
• Ensure all smart city projects adhere to vendor security compliance requirements through standardized assessment frameworks.

Risk Management & Compliance

• Develop, implement, and manage the enterprise cybersecurity risk management framework.
• Ensure organizational compliance with key international and regional security standards, including NIST Cybersecurity Framework 2.0, CIS Critical Security Controls, ISO/IEC 27001, GDPR, and UAE Information Assurance Standards.
• Lead and coordinate internal and external cybersecurity audits, ensuring timely closure of findings.
• Maintain and regularly update risk registers and drive the execution of risk mitigation and remediation plans.

Cybersecurity Program & Project Management

• Lead end-to-end delivery of cybersecurity transformation programs, ensuring alignment with business and risk objectives.
• Define, govern, and continuously optimize the cybersecurity roadmap, with clear milestones and measurable outcomes.
• Oversee cross-functional execution of cybersecurity initiatives, ensuring on-time delivery, quality, and stakeholder alignment.
• Embed cybersecurity requirements into enterprise IT and digital transformation programs, enforcing secure-by-design principles.

Business Continuity & Disaster Recovery

• Establish, lead, and continuously enhance enterprise-wide Business Continuity (BCP) and Disaster Recovery (DR) programs.
• Drive cyber resilience strategies to ensure the availability and recovery of critical systems and infrastructure.
• Oversee and conduct regular disaster recovery testing, crisis simulations, and readiness exercises, ensuring continuous improvement and compliance with best practices.

Third-Party & Vendor Security

• Establish and lead third-party cybersecurity risk management frameworks and processes.
• Oversee security due diligence and risk assessments for vendors, partners, and service providers.
• Ensure ongoing vendor compliance with organizational security policies, standards, and contractual requirements.

Budget & Resource Management

• Develop, manage, and optimize the cybersecurity budget aligned with strategic priorities.
• Evaluate and prioritize cybersecurity technologies and investments based on risk impact and business value.
• Drive cost-effective security spending to maximize risk reduction and operational efficiency.

Security Awareness & Culture

• Lead the development and execution of enterprise-wide cybersecurity awareness and training programs.
• Foster a strong security-first culture, promoting shared responsibility across all business functions.
• Drive the adoption of secure-by-design principles across development and operational practices.

Continuous Security Improvement

• Continuously assess cybersecurity maturity, identifying gaps and driving improvement initiatives.
• Define and implement security metrics, KPIs, and executive dashboards for effective reporting.
• Benchmark the organization’s security posture against industry standards and peer organizations, driving continuous enhancement.

People Management

• Lead and inspire a cross-functional team of digital experts, fostering a culture of collaboration, innovation, and accountability.
• Provide leadership within the function, setting objectives, managing performance, and developing staff to maximize performance.
• Define team goals, conduct performance reviews, and identify skill development needs.

Minimum Qualification

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related discipline.
• Professional certifications in Cybersecurity or IT Management are preferred.

Experience

• 10 - 12 years of progressive experience in Cybersecurity and Information Security roles.
• Minimum of 3–5 years of experience in leadership or cybersecurity management positions.
• Proven track record in managing enterprise-wide security programs and security operations.
• Hands-on experience in implementing globally recognized cybersecurity frameworks and standards.
• Experience operating within large-scale enterprises or multi-site environments.
• Demonstrated experience in developing and implementing cybersecurity policies, strategies, and governance frameworks.

Skills

• Cybersecurity strategy development and enterprise security architecture
• Security governance, risk management, and regulatory compliance leadership
• Threat detection, incident response, and security operations (including SIEM platforms)
• Identity and access management (IAM), cloud security, and infrastructure protection
• Vulnerability management and proactive risk mitigation
• Executive stakeholder engagement and cross-functional leadership
• Cyber crisis management and strategic decision-making under pressure
• Cybersecurity program management and delivery oversight
• Vendor, contract, and third-party security management
• Budget planning and financial oversight for cybersecurity functions
• Business continuity, incident response planning (IRP), and disaster recovery (DR) management.
• Strong written and verbal communication skills with the ability to engage both technical and business stakeholders.