Engineer Tester and COMMI

4 weeks ago


Yanbu, Saudi Arabia Alfanar Full time

RESPONSIBILITIES

Responsible for ongoing development and governance of policies and procedures relating to IT and IS Risk management.

Ensure that all internal, external, services and regulatory Information Security (IS) audits are passed.

Confirm and maintain security policy documentation.

Engage with management to ensure support for the IS program.

Coordinate with vendors, auditors, and other departments to enhance IS.

Design, develop and manage a program for IS awareness.

Review Business Requirement Documents (BRDs) from IT Compliance and information security perspectives and provide input at the early stages.

Conduct periodic technical vulnerability assessment and penetration testing, or as and when requested by business system owners.

Integrate IS requirements into organisation processes, e.g., change control, mergers and acquisitions, and lifecycle activities.

Consult and/or develop remediation plans across all operational areas of IT (i.e., Security, Disaster Recovery, Change Management, IT Operations, etc.)

Conduct Risk Assessment of all new applications and publish Residual Risk Report (as per Risk Management framework) to Project Owner prior to go-live.

Perform any other tasks given by the line manager or senior management.

Compliance and adherence to the HR laws, Confidentiality policies and other policies applicable.


PREFERRED SKILLS

Good communication and presentation skills.

Ability to understand complex business processes and activities.

Flexible work approach based on the job requirements.

Ability to organize own time and meet deadlines.


QUALIFICATIONS

Bachelor's degree in information security, information technology or related technical discipline.

Certification in CISA, CIPP, CEH, CISM, CISSP, 27001 Lead Implementer etc. is an added advantage

Experience in the Implementation of Management Systems, Risk Assessment, Information Classification, Security Awareness, and Compliance.

Expertise in one or more of the following areas: Security Governance, Incident Response, Security Operations, Threat Intel, Cloud Security, Architecture, Data Protection, Network Security, Endpoint Security, IAM.

Implementation experience and skills in at least 2 of the following standards: ISO/IEC 27001, ISO 22301, PCI-DSS, ISO/IEC 20000-1, UAE(IA), ISR.

Understanding the information security concepts and the implementation requirements of Management Systems, Risk Assessment, Data protection & Security Awareness.

ADDITIONAL NOTES

Years of experience required in the field: minimum 5 years, of which 3 years should be in Information Security.

Remote Work: No


