Manager Information Security Full-time Job
1 week ago IT & Telecoms Abu Dhabi 34 views Reference: 32867Job Details
Responsibilities
Day to Day Operations
Identify best practices in information security policies, processes and standards and recommend their adoption, when applicable, across Core42.
Ensure continuous engagement with information security regulators to keep up to date with the latest information security regulations.
Update and maintain information security standards and make necessary modifications to existing information security management systems.
Provide relevant security architecture services to different departments across the Injazat ecosystem.
Develop strong information security operations and risk management policies to facilitate compliance with industry regulations.
Enforce security policies to provide direction and support for protecting data and assets in accordance with Core42’s needs.
Ensure the implementation of security audits and system vulnerability tests across Core42.
Monitor and manage data security profiles by reviewing security violation reports and ensuring application of security policies and procedures.
Inspect IT infrastructure installations (help desk, service maintenance, service management, network and communications, systems and database/data centre) to ensure adherence with Core42, as well as external, guidelines and standards.
Coordinate with information security risk management to identify potential threats to business continuity due to non-compliance with policies and standards.
Oversee the review of user access rules to balance security needs with ease of use in accordance with job related requirements and security policies & guidelines.
Ensure information security audit systems and scheduled audits are applied to ensure compliance with standards and regulations.
Review and analyze reports on compliance actions against information security regulations and policies.
Oversee and analyze trainings conducted on compliance security policies across Core42.
Ensure that the processes used in security control (preventative, detective, and corrective) are in full compliance with established security standards and policies.
The candidate should have a good understanding of MS Azure cyber security controls and concepts.
Understanding the basic concepts of cloud computing, including service models (IaaS, PaaS, SaaS), deployment models (public, private, hybrid), and cloud architecture principles. Understanding of cloud technologies with security best practices, access and identity, protecting data and applications, as a desired qualification.
Azure Platform Knowledge: In-depth understanding of Azure services, features, and capabilities relevant to governance, compliance, and risk management.
Risk Management Frameworks: Proficiency in risk management frameworks such as NIST RMF (Risk Management Framework), ISO 31000, and COSO, and their application in cloud environments.
Security Controls and Best Practices: Knowledge of security controls, best practices, and methodologies for securing cloud infrastructure, data, and applications.
Experience with the Cloud Security Alliance's Cloud Controls Matrix (CCM), development & governance and compliance framework as desired qualifications.
Knowledge of cloud governance best practices, including resource tagging, cost management, compliance reporting, and resource optimization.
Risk Assessment and Management: Ability to conduct risk assessments, identify security vulnerabilities, prioritize remediation efforts, and implement risk management strategies.
Proficiency in documenting security configurations, generating compliance reports, and communicating security posture to stakeholders.
Continuous Learning and Adaptation: Given the dynamic nature of cloud security and compliance, a willingness to continuously learn about new threats and vulnerabilities.
Policies, Processes & Procedures
Recommend improvements and contribute to the implementation of procedures & controls so that all relevant procedural requirements are fulfilled while delivering the highest quality of service to customers.
Security Standards and Reports
Prepare security compliance standards and reports to meet the department’s and Core42’s requirements, policies, and standards.
Qualifications
Minimum Qualifications:
Bachelor’s Degree in Computer Science, Information Technology, Engineering or related fields
Minimum Experience
Minimum 12 years of experience in systems security, data security audits and enterprise resource information
At least 6 years of experience in business continuity protocols, risk and governance managemen