Job Description

Support and manage all system related security controls and policies defined by the Technology Risk & Cybersecurity practice are implemented across the technology estate. Validates those new and existing controls and policies are interoperable and do not cause usability or performance related issues. Fulfils the role of DR liaison for Service Management and IT Operations working with the business continuity team to ensure documentation is kept up to date.

Accountabilities

• Ensure IT policies, procedures and Industry standards are followed within the IT Operations landscape, reporting on compliance and remediation tracking.

• Captures, maintains, and monitors risk and audit information in one repository

• Ensure adherence to policies, processes, and procedures within areas of responsibility. Review and update these when required
• Assist with Identification and assessment of potential information security risks, recommends mitigations, and helps the risk owners drive the implementation of mitigations to reduce the risk to an acceptable level
• Align with IT Information Security department & Internal Audit department based on outcomes of risk assessments; help define the implementation of additional measures and capabilities
• Reviews and recommends required changes to IT Risk & Security policies and procedures
• Employs continual service improvement though monthly and quarterly metrics reviews
• Participate in the Change Advisory Board to review the impact of proposed business and infrastructure changes on the capacity, availability, and service continuity plans

Education & Experience

• 0-3 years of relevant experience in information security risk management.
• New joiners from University or Emirati development program
• Working knowledge and demonstrated expertise in vulnerability assessment and remediation.
• Ability to recommend mitigating measures using a combination of IT and non-IT measures
• Strong written and oral communication skills including the ability to interact directly with business representatives that do not necessarily have an IT background, to explain complex technical solution and problems in a way that can be easily understood

Skills Required

• Security