Information Security Engineer
Sofomation - United Arab Emirates
We are - SOFOMATION - a human resource staffing agency providing highest standards of quality and professionalism. We pride ourselves on our
efficient, professional and yet personal services both to our clients and applicants and our ability to supply the right staff complements the recruitment needs of our esteemed clients.
Our client looking for the services of senior personnel to join their organization as:
TITLE: Information Security Engineer (Compliance)
EXPERIENCE: 6+ YEARS
LOCATION: Abu Dhabi
STATUS: Family status with Expat benefits
a.) To ensure that the IT Security policies, procedure, standards and guidelines are properly implemented.
b.) Review, monitor, investigate and report any incidents of attacks against the company.
c.) Work as a member of Security Operations Center for Security Monitoring on IT and OT networks.
d.) Performs forensic investigations as required by other entities of the company (e.g, Internal Audit).
e.) Provide security advice, support and direction to any technical and administrative personnel assigned to work involving computer security.
f.) Work as a part of the team on evaluating new security software and hardware solutions.
g.) Recommend actions/practices to management in order to ensure compliance with security and regula~ requirements in decision-making processes.
h.) Ensure and implement compliance with state information security and risk management policies, standards guidelines.
i.) Perform risk analysis process (identification and prioritization, counter measure identification, plan and follow-up) on new IT projects and solutions ..
j.) Identify vulnerabilities and develop and ensure the implementation of the appropriate solutions to eliminate or minimize their potential effects.
k.) Responsible for developing, testing and maintaining IT Disaster Recovery Plans.
I.) Provide security input and recommendations to the Software Review Committee on the evaluation of new sofiwllrt and hardware systems,
m.) Responsible for developing, testing and maintaining Incident Response Program.
n.) Provide quarterly reports on information security status to the IT Steering Committee and IT Manager (wlum required).
0.) Responsible for ensuring and organizing awareness process for all ZADCO IT infrastructures.
p.) Review of new systems designs and major modifications for security implications, prior to implementatieg; participate in Change Management approvals.
q.) Consult on planned physical facilities changes, and alternations in workflow or operating procedures, evaluating tlw effect of such changes on IT security and ensuring implementation of
r.) Plan and carry out IT security audits and risk analysis process.
s.) Conduct penetration test and vulnerability assessment to evaluate the security posture of the organization.
t.) Provide advisory services on Information Security to other ITlNon IT Projects with respect to Information Secmlty requirements.
Principal Accountabilities (Cont'd):
u.) Ensure that management, the information security function amtI the information's owner, custodians, And users, are fully informed of any findings.
v.) Ensure that an adequate security training program is developed and administered.
Organizational Relationships (Work Contacts):
II Regular contacts within IT at all levels and with all IT users to implement and mange the informatiOn systems security policy.
II ADNOC & other OPCO's at equivalent level to coordinate/participate on IT Security matters, when the need arises.
• Vendors and business solution providers for exchange of information & technical/commerce clarifications, on regular basis.
• B.Sc. in Computer Science, Information Systems Engineering or related discipline.
• Certified Information Systems Auditor (CISA).
• Microsoft Certified System Engineer (MCSE).
II Certified Information Systems Security Professional (CISSP).
• SANS Certifications desirable
Ii, Technical knowledge & skills:
II At least 6 years' experience in Information Security Compliance, conducting risk assessment and use of risk assessment tools in an enterprise environment.
• In-depth technical knowledge, spanning a range of system security hardware and software products,
• Have the ability and the capability of training IT personnel as well corporate computing users
iii. Behavioural skills:
• Has flexibility, influence & persuasion.
II Has the willingness to challenge existing practices.
iv. Other knowledge & skills:
• Proficient in making oral & written presentations and reports.
• Strong communication skills.
• Fluent in English language.