Senior-Security Analyst

Job Description: Information Security Officer

Job Objective:

Support the seamless adoption, implementation, and management of information security standards and procedures within the organization to ensure the security and protection of information, supplementary data, and supporting infrastructure.

Key Accountabilities:

General Responsibilities:

Effective development and implementation of Information Security policies, procedures, and controls covering all areas of assigned department activity to fulfill all relevant procedural/legislative requirements with quality and within the defined timeline.

Identify opportunities for continuous improvement and sustainability of systems, processes, and practices considering global standards, productivity improvement, and cost reduction.

Job Specific Responsibilities:

Information Security Activities (Governance, Risk & Compliance):

Develop, implement, and maintain the information security program in alignment with local and international standards and the organization's vision and strategy.

Develop and review information security policies and procedures according to industry best practices and relevant standard requirements.

Develop guidelines and procedures for various control procedures based on industry best practices and relevant standard requirements.

Coordinate with stakeholders to ensure the adequate implementation of information security controls and practices in accordance with information security policies.

Manage day-to-day operations and requests related to information security assurance.

Establish and maintain a single framework to manage multiple management systems more efficiently under an Integrated Management System (IMS).

Measure the effectiveness of the information security program and report progress to IMS Committee.

Continually introduce improvements to IMS and the information security program based on the results of effectiveness measurements and internal/external audit findings.

Create and lead a security awareness program to provide awareness and training throughout the organization, using different methods and techniques to increase the maturity level of staff in information and cybersecurity awareness and practices.

Analyze data privacy risks, develop and implement data privacy policies and procedures, monitor compliance, and conduct data privacy training for staff.

Periodically assess the maturity of people, processes, and technology used to ensure safe and secure operation.

Work closely with external regulators on the implementation of the UAE Information Assurance Standard and report all related matters.

Ensure possible measures so that contractors and third parties apply adequate security for the protection of ADX sensitive information.

Assess risks to information assets, identify potential impacts, and plan treatments to reduce these risks in alignment with Enterprise Risk Management policy.

Ensure continuous compliance with regulatory and standard requirements of UAE Information Assurance Standard and ISO27001 through internal and external audit engagements.

Manage and maintain the information security risk register.

Conduct Information & cybersecurity awareness sessions.

Conduct access reviews covering all assets.

Ensure timely and accurate preparation of reports meeting requirements, policies, and quality standards.

Skills:

Qualifications and Experience:

Certifications: ISO courses and certificates (27001).

Good understanding of local information security standards and the UAE’s regulatory environment.

Minimum 4-6 years of experience in information security in the Financial Services sector (banking, insurance, exchanges).

Minimum 2 years of experience in the implementation, maintenance, and auditing of information security management (ISMS).

Minimum 2 years of experience in incident management, incident handling, change management, risk management, vulnerability assessment, and related topics.

Advanced level of English (written and spoken).

Arabic (written & spoken) skills preferred.

Expertise in the implementation, maintenance, and auditing of global standards.