Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
Responsibilities:
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT Risk Program
- Develop security objectives and ongoing performance monitoring, measurement and reporting
- Establish relationships with a range of internal/external stakeholders. Develop the right interfaces, messaging and reporting (e.g. participate in leading projects, design reviews, CAB, security testing, Banks & Govt. Departments)
- Ongoing performance measurement through KPIs/KRIs
- Perform Risk Assessments, within wider Risk Management framework
- Maintain a Security Incident Response program to ensure all incidents are managed from a regulatory and customer requirements standpoint.
- Manage the Security Department and sub-functional teams:
  - Governance, Risk and Compliance
  - Security Operations Centre (SOC) for IT Security
- Maintain PCI DSS, ISO 27001, NIST, ISR, NESA, ADSIC and UAE Central Bank PSP regulation compliance
- Build and maintain an audit program for regulatory requirements, including PCI-DSS & ISO 27001 (internal/external)
- Establish and maintain an effective Security Awareness program
Job Requirements
Profile:
- Bachelor’s degree in Computer Science, Information Technology or similar field, or equivalent experience
- Familiar with Financial Services industry practices, particularly with UAE regulatory, legal and compliance requirements
- 9+ years of information security experience (2+ years in UAE) with a focus on leading and shaping security teams and functions within the financial industry, with focus on:
  - Electronic Payment Systems and services
  - Maintaining Scheme (e.g. financial crime, conduct of business, consumer rights, and risk management, including reporting)
- Development or maturing from a ‘standing start’ is a distinct advantage
- 5+ years of leadership roles moving organisations towards PCI-DSS & ISO27001 ISMS compliance and certification
- Industry-recognized certifications in PCI-DSS & ISO27001 (QSA an added advantage)
- Familiarity with NESA / DESC / ISR / ADSIC and UAE Central Bank PSP regulation standards
- Experience in Risk Assessments, Audits, Security Awareness programs and establishing effective Security Governance (within ISMS)
- Experience in document control frameworks, e.g. converting controls into policy, procedure, standards
- Security Architecture experience, e.g. reviewing and validating application or infrastructure technical architecture designs