Head IT Security, IFFCO UAE

IFFCO presently has a job opening for eligible candidate for position of an IT Security Head in Dubai, UAE. This job was posted by IFFCO on 10 October 2023 and is now open for desirous applicants.

Job Purpose of An IT Security Head

• Responsible for establishing and maintaining a groupwide information security management program to ensure that information assets are adequately protected.
• This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the enterprise risk management.
• Proactively work with the all business units of IFFCO and corporate to implement practices that meet defined policies and standards for information security.
• Responsible to oversee IT security operational activities across the Group.
• The Head of Information Security is also responsible for implementing and governing IT General Control across the IFFCO group.

Duties of An IT Security Head

• Develop, implement and monitor a strategic, comprehensive enterprise information security and support risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization
• Develop, maintain and publish up-to-date information security policies, standards and guidelines.
• Oversee the approval, training, and dissemination of security policies and practices.
• Liaise with the infrastructure and application teams to ensure alignment between the security and enterprise IT application’s architecture, thus coordinating the strategic planning implicit in these architectures.
• Create and manage information security and cyber risk management awareness training programs for all employees, contractors and approved system users.
• Develop a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
• Provide regular reporting on the current status of the information security program and ITGC controls to enterprise risk teams, senior business leaders.
• Provide Third-party risk assessments for various IT vendors and Products, and issue security schedules.
• Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
• Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
• Provide strategic cyber risk guidance for technology projects, including the evaluation and recommendation of technical controls.
• Liaise among the information security team and corporate compliance, audit, legal and human capital teams as required.

What You’ll Do More?

• Manage security incidents and events to protect corporate technology assets, including intellectual property, regulated data and the company’s reputation.
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
• Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.
• Provide direction, support and in-house consulting in these areas.
• Mentor and coach direct reports ensuring success in their role and readiness for success into new roles within the information security function
• Manage the enterprise’s information security organization, consisting of direct reports and indirect reports.
• Develop self and others within the function through mentoring, training and engagement in talent development activities

Who Can Apply?

Qualification

• Bachelors Degree required.
• Master’s Degree preferred.

Certification

• IT Risk & Security Certification or similar preferred – e.g. CISA, CISM, CISSP, PCIP.

Experience

• A minimum of 12 years of professional IT Risk and Security related experience
• Expertise and experience in implementing & monitoring Information Security controls, practices .

Skills & Knowledge Desired

• SOC/Security Incident Management experience – CISM/Similar certification is added advantage.
• Network security experience – Firewalls, IPS log analysis
• Data Security experience – AIP, CASB, DLP, Intune etc
• Preventive/Detective security tools – SIEM, xDR, EDR etc.
• Microsoft Azure and AWS Cloud Infra security expertise
• Knowledge and expertise in Cisco, Checkpoint Firewalls, Fortinet and Cloud based internet access and web filtering, Web application Firewalls, DMZ, End user desktop/laptop/handheld devices security
• Knowledge of security setup in SAP, Oracle, Windows and Linux systems.

Cyber Security Senior Assurance Manager, ENOC UAE