Information Security - GRC & Assurance Senior Specialist
Abu Dhabi Department of Economic Development, Abu Dhabi
Job Description
Responsibilities:
- Conducting periodic security tests such as penetration tests, vulnerability tests, and security control tests, with the aim of ensuring the effectiveness of risk management associated with technical assets and identifying any weaknesses that need to be addressed.
- Performing security reviews on new projects or updates to existing systems to ensure security-by-design integration from the early stages and throughout the development and completion phases.
- Reviewing the security of cloud services, programming interfaces, and digital services to ensure compliance with modern security standards and data protection requirements.
- Evaluating systems, applications and processes in accordance with internal policies, regulatory requirements and international standards such as ISO 27001, NIST and CIS Controls.
- Reviewing Vulnerability Management programs, verifying the effectiveness of inspection tools, and processing results according to priorities.
- Conducting risk assessments and gap analyses, identifying security risks, analyzing vulnerabilities, evaluating their impact on the business, and developing plans to address weaknesses.
- Reviewing and approving security controls and verifying the effectiveness of the design, implementation, and operation of technical and procedural security controls within the organization.
- Monitoring compliance with cybersecurity policies and standards, ensuring that different units adhere to approved policies, procedures, and standards, and addressing any non-compliance.
- Supporting third-party risk management and assessing security assurances for suppliers and partners to ensure their compliance with the organization's security standards and requirements.
- Reviewing proposed changes to the department's technical systems to provide security advice and opinions on them and to ensure that they meet information security and data privacy standards. This includes attending change management meetings and technical design workshops.
- Reviewing the department's projects, agreements, and contracts to ensure they meet the information security standards, requirements, and legislation applicable within the department and at the Abu Dhabi government level.
- Reviewing incoming requests to the department for security approvals and exceptions, and either ensuring that they meet all security conditions and requirements or rejecting them.
- Supervising the process of analyzing and addressing vulnerabilities and implementing the recommendations included in the daily security assessment report received from the competent authorities, taking the necessary action to resolve the problem and avoid its recurrence, and sending the report to the Abu Dhabi Government Network with the action that was taken.
- Developing and managing the processes and procedures related to security monitoring and use cases for detecting, responding to, and recovering from potential security incidents, promoting timely escalation, and coordinating the response to security incidents.
Education:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity or equivalent.
- CEH — Certified Ethical Hacker (EC-Council)
- CISSP® — Certified Information Systems Security Professional (ISC²)
- CCSP® — Certified Cloud Security Professional (ISC²)
- CISM® — Certified Information Security Manager (ISACA)
Experience:
- Experience in leading information security assurance activities in accordance with governmental and international requirements and standards.
- More than 5 years of experience.