Head It Infra & Security

Dubai, United Arab Emirates

Job Description

Job Summary

The Head of Information Security is responsible for establishing and maintaining a groupwide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the enterprise risk management.

This position requires an individual with sound knowledge of business management and hands-on experience in various aspects of information security. The Head of Information Security will proactively work with the all business units of IFFCO and Corporate to implement practices that meet defined policies and standards for information security. He/She is responsible to oversee IT security operational activities across the Group. The Head of Information Security is also responsible for implementing and governing IT General Control across the IFFCO group.

The role reports into Director - Infrastructure & Security.

Core Reponsibilities

The Head of Information Security is composed of various of responsibilities, including strategic, tactical, and operational activities in support of the overall organization\'s strategy.

Information Security Strategy, Planning and Governance
Information Security Risk and Control Management
Information Security Projects execution
Information Security Operations Management (SOC)

Roles & Responsibilities
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and support risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
  • Liaise with the Infrastructure and Application teams to ensure alignment between the security and enterprise IT application\'s architecture, thus coordinating the strategic planning implicit in these architectures.
  • Experienced in designing the IT General Controls and implementing across IFFCO group. Experienced SAP & SAI GRC is an added advantage.
  • Create and manage information security and cyber risk management awareness training programs for all employees, contractors and approved system users.
  • Develop a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
  • Provide regular reporting on the current status of the information security program and ITGC controls to enterprise risk teams, senior business leaders.
  • Provide Third-party risk assessments for various IT vendors and Products, and issue security schedules.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
  • Provide strategic cyber risk guidance for technology projects, including the evaluation and recommendation of technical controls.
  • Liaise among the information security team and corporate compliance, audit, legal and human capital teams as required.
  • Manage security incidents and events to protect corporate technology assets, including intellectual property, regulated data and the company\'s reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
  • Mentor and coach direct reports ensuring success in their role and readiness for success into new roles within the information security function
  • Manage the enterprise\'s information security organization, consisting of direct reports and indirect reports (such as individuals in technology operations or managed service providers). This includes hiring, training, staff development, performance management and annual performance reviews.
  • Develop self and others within the function through mentoring, training and engagement in talent development activities
KPIs
  • Information Security Strategy definition and execution
  • Information Security awareness Program creation and execution
  • IT Risk Management
  • Information Security Policy, Standards creation and governance
  • Execution of security projects with in time lines and budgets
  • Creation of cyber incident response strategies and periodic exercise execution.
Work experience requirement
  • A minimum of 12 years of professional IT Risk and Security related experience
  • Expertise and experience in implementing & monitoring Information Security controls, practices and technology for multiple levels within an organization, cascade, and plan Training sessions as and when needed.
Technical Skills Required
  • Cloud security experience - Azure security certifications is added advantage.
  • SOC/Security Incident Management experience - CISM/Similar certification is added advantage.
  • Network security experience - Firewalls, IPS log analysis
  • Data Security experience - AIP, CASB, DLP, Intune etc
  • Preventive/Detective security tools - SIEM, xDR, EDR etc
  • Experienced in handling internal and external audits and IT General Controls.
Qualification
  • Bachelors Degree required. Master\'s Degree preferred.
  • IT Risk & Security Certification or similar preferred - e.g. CISA, CISM, CISSP, PCIP
  • Microsoft Azure and AWS Cloud Infra security expertise
  • Knowledge and expertise in Cisco, Checkpoint Firewalls, Fortinet and Cloud based internet access and web filtering, Web application Firewalls, DMZ, End user desktop/laptop/handheld devices security
  • Knowledge of security setup in SAP, Oracle, Windows and Linux systems.
Competencies

Business Acumen

Driving Results

End user Computing environment

IT Architecture (Infra and Application)

IT Budget and cost control

Knowledge of Corporate Governance Practices

Leading and Managing Change

Ownership and Accountability

Self and Team Management

Strategic Thinking

Business Unit: Corporate-Information Services (4205)

Business Group: Information Services (2629)

IFFCO

Beware of fraud agents! do not pay money to get a job

MNCJobsGulf.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.


Related Jobs

Job Detail

  • Job Id
    JD1615345
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Dubai, United Arab Emirates
  • Education
    Not mentioned