Information Security - Dubai, United Arab Emirates - AKW Consultants

Posted by:

Ahmed Al-Mansouri

beBee Recruiter


Description

High Level Responsibilities:

  • Help clients to achieve information security and data protection certifications like ISO27001, ISO27701, GDPR, HIPAA, PCI DSS, PA DSS, SOC1 & SOC2.
  • Conduct regular risk assessments based on the NIST framework.
  • Conduct cloud risk assessments (Azure/AWS/GC).
  • Design security controls and help to implement them.
  • Conduct third-party risk assessments.
  • Able to write management reports.
  • Follow up and help clients to close security gaps identified in security audits.

Detailed Job Description

  • Develops and implements a data security risk reporting framework, aligned with ISO27001, NIST SP 800-53, ISO27701, GDPR, HIPAA, PCI DSS, PA DSS, SOC1 & SOC2 for management teams and governance committees.
  • Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the client meets both the requirements and intent of its regulatory and compliance obligations.
  • Facilitates the remediation of control gaps and escalates critical issues to leadership.
  • Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed.
  • Prepares for and facilitates examinations by qualified security assessors for regulations such as ISO27001, ISO27701, HIPAA and PCI DSS. Works closely with control owners and internal and external auditors to ensure requests are completed in a timely manner.
  • Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.

Information Security Risk Assessment

  • Identifies, analyzes, evaluates, and documents information security risks and controls based on established risk criteria.
  • Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks.
  • Recommends controls to mitigate security risks identified via risk assessment process.
  • Communicates risk findings and recommendations that are clear and actionable by business stakeholders.

Security Policy Management and Workforce Training and Awareness

  • Supports workforce security activities including culture, awareness, and training.
  • Facilitates eDiscovery and collection of data to support investigations of possible security or policy violations. Analyzes information security incidents in collaboration with other stakeholders. Coordinates remediation and awareness training.
  • Researches, recommends, and contributes to information security policies, standards, and procedures. Assists with the lifecycle management of information security policies and supporting documents.
  • Works with other organizational participants to implement information security policies.

Third-party Supplier and Vendor Risk Management

  • Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle. Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
  • Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
  • Assists with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps.
  • Maintains an inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.

Salary:
AED6, AED8,000.00 per month


Ability to commute/relocate:

  • Dubai: Reliably commute or planning to relocate before starting work (required)
