This job posting has expired and is not currently open to any applications.
Create and maintain the Statement of Applicability to determine, document and establish the information security controls required by the ISO 27001 standard for the Injazat enterprise. Document information security policies, processes and procedures by assigning ownership, mapping controls to key business areas and objectives, and manage the policy development lifecycle process by handling policy exceptions. Recommends and influences new or existing information security processes, procedures and methodologies. Responsible for maintaining and protecting the confidentiality, integrity and availability (CIA) quotient by evaluating the people, processes, tools and technologies required for an enterprise’s mission critical assets. Determines strategic and tactical compensating security controls that are required to mitigate the threats, risks and vulnerabilities that are identified. Assists in managing and maintaining the Injazat Enterprise Business Continuity Management program. Oversee and assist in monitoring of the organisation's IT systems by assessing risks periodically, conducting current statement assessments and gap analysis. Apply clear, accurate controls per compliance requirements and internal controls in order to communicate better and report on compliance obligations, thereby proactively managing the regulatory, framework and standard changes across the business. Maintain and manage the Risk Management framework that establishes structure and accountability for risks, threats, issues and vulnerabilities with remediation and mitigation plans. Reduce the risk of security threats, poor or misaligned security practices and operational security compliance failures. Develop and maintain a consolidated catalogue that demonstrates the compliance quotient for all applicable standards and frameworks like ISO and local regulations like Mubadala, NESA, ADSIC and NCEMA.
Responsible for periodic, timely risk assessment and treatment of Information security systems and sub-systems to determine compliance with defined policies or standards. Conducts benchmark exercises by comparing, measuring and documenting the differences between requirements, specifications, frameworks or standards and present practice. Documents and/or reports compliance review results and follows up to ensure preventive and corrective action is taken. Initiate vulnerability assessments periodically as a proactive approach by identifying potential risks and ensure the resolution with the respective business units. Conducts high level gap analysis to gauge information security outlook of business units and enterprise environment. Ensure compliance through adequate training and awareness programs and periodic internal audits.
(7-10) years of experience in computing or related area with a focus on technology, management, policy and security. Professional information and IT security certifications such as CISSP/GIAC/SSCP/CISA/ISO 27001/COBIT. Excellent command of the English language and communication skills. Strong planning and organization skills. Strategic thinking with high attention to detail. Demonstrated ability to work under pressure and to prioritize to ensure positive results of the assigned opportunities. High level of commitment to achieve optimum results. Experience in Microsoft Office.