Specialist Information Security (UAE National)

About This Role

JOB OBJECTIVE:

This role requires a technical expert with broad experience arc

hitecting and implementing information security technology solutions in a large enterprise environment. They must be able to act as a technical leader to support talent development and the building of high-performance teams. An effective collaborator, the Cybersecurity Specialist will work closely with key stakeholders including the Sr. Network Engineer, Systems Architect, and other teams to implement effective business solutions. With deep and broad background in information security and related services, the successful candidate will also be current with emerging best practices and service trends, particularly all aspects of cloud computing.

• Security systems development, testing, analysis, and implementation

• System vulnerability assessment and management

• Response to security threats, attacks, and similar events

• Development of threat prevention strategies

• Coordinate & conduct black/white box security assessments with industry standard security tools

• Regular generation of reports for executives and administrators

• Comply with Health, Safety and Environment Policies (mandatory for all)

• Risk Management (mandatory; line manager discretion) • Work independently on technical issues and recommend design solutions. • Demonstrate a solid understanding of infrastructure, virtualization, cybersecurity standards, and operating procedures. • Collaborate with other members of the cybersecurity team to develop new protocols, layers of protection, and other both proactive and defensive systems that stay one step ahead of cyber criminals. • Maintain security guidelines, procedures, standards, and controls documentation • Maintain a working knowledge of current cybercrime tactics.

• Lead the analysis of the current technology environment to detect critical deficiencies and recommend solutions for improvement Conduct incident response analyses; develop.

• Participate in and lead design sessions with Finning personnel as well as external parties.

• Consult on application or infrastructure development projects to harmonize systems or infrastructure.

• Assist with designing the governance activities associated with ensuring compliance with Information Security Policies.

• Monitor and ensuring compliance to standards, policies, and procedures.

• Define high-level migration plans to address the gaps between the current and future state, typically in sync with the budgeting or other planning processes.

Description:

• Develop, support, and advance strategies, policies, programs, and projects designed to continually improve and enhance cyber and information security posture and resiliency

• Oversee compliance with applicable laws, rules, and regulations related to cyber and information security

• Work with the compliance team to establish policies/standards/guidelines to ensure systems record user activities and access to sensitive data in support of insider risk management

• Develop and implement software security compliance program that takes a risk-based approach to ensure appropriate compliance to policies/standards/guidelines

• Contribute to awareness and outreach efforts both internally and externally

• Attend all regular, special, and emergency meetings regarding cyber and information security

• Regularly review the operation of security controls and recommend changes designed to improve effectiveness and/or counter emerging risks

• Maintain threat, attack and risk models and perform regular analysis to ensure firm is adequately mitigating risks

• Make appropriate recommendations for security enhancements to the line manager or any external vendor providing services including tools, technologies, services, policies, procedures, and other areas as needed

• Lead efforts to evaluate and select vendors for security assessments, penetration testing, and other similar security services

• Direct and oversee the evaluation of security tools and make acquisition recommendations to the IT Security Manager

• Manage budgets, maintain financial forecasts, develop, and present business cases

• Establish objectives and milestones and manage activities to deliver high-quality results within budget and schedule

• Other duties and obligations as assigned by the line manager

Derives Future State Cyber Security Architecture for the IT Infrastructure and OT Infrastructure:

• Lead the development (or update) of the Defensive Strategy and Model for the implementing cyber security

• Work with multiple stakeholders to identify areas for cyber risk reduction on the IT Infrastructure and OT systems.

• Lead the evaluation of the potential impact of implementing difference cyber risk reduction methods (i.e., cyber security controls) with in the IT infrastructure.

• Act as the primary interface to architect the defensive model and implement cyber security controls across systems for desired risk reduction.

Assess Current State and Areas for Risk Reduction

Assess Current State and Areas for Risk Reduction:

Lead the conduct of a cyber-security self-assessment initiatives based on international standard, national standards, and state of practice.

• Assess defensive strategy and the implementation of the cyber security program.

• Provide an evaluation on current milestone delivery and regulatory compliance.

• Lead the development of a corrective action plan for achieving desired risk reduction and maturing program elements.

Risk Reduction Strategy Development:

Lead the development of a risk reduction strategy for the protection critical systems and associated critical digital assets (CDAs).

• Lead the development of a risk management strategy to include a cyber security control implementation strategy for effective and sustainable risk reduction.

• Assist in establishing key performance indicators to monitor changes in cyber risk.

• Communicates with senior leadership on cyber security strategic issues and current risks.

• Act as a liaison with the UAE regulatory authority, to validate cyber security performance meets or exceeds regulatory expectations for protection against the design basis threat.

Leading Solutions Design:

Leads the creation of deliverables related to design and analysis of technology solution to ensure that solution meet business and operation needs.

• Design, Build, Implement and support an Enterprise-class security systems.

• Design security architecture elements to mitigate threats as they emerge.

• Create solutions that balance business requirements with information and cybersecurity requirements.

Risk Management

(Mandatory; Line manager discretion)

• Analyse current risks and identify potential risks in responsibility

• Report the risk tailored to the relevant audience

• Build risk awareness amongst team by providing support and training

Framework:

Follow the international framework designed to standardize the selection, planning, delivery, and maintenance of IT services within a business

Technology Research

• Strategic planning (medium and long term) based on company objectives to keep in line with new developments in IT

• Research new technology to determine what would best support their organization in the future

Policies & Procedures:

▪ Follows all relevant Department/Unit policies, processes, standard operating procedures, and instructions so that work is carried out in a controlled and consistent manner.

▪ Ensuring the organization adheres to legal frameworks in areas such as discipline & grievance, redundancy, and employment law.

Health, Safety & Environment:

▪ Ensure compliance to all relevant health, safety, and environmental management policies, procedures, and controls across the department to guarantee employee safety, legislative compliance, and a responsible environmental attitude.

Minimum Qualifications:

• Bachelor’s degree holder in Computer Science/Engineering or equivalent

Minimum Experience:

• Minimum 5 years’ experience in Information Technology (IT) & Operational Technology (OT) Cyber security