INFORMATION SECURITY OFFICER (BB-A720B)
Found in: Neuvoo Premium AE
Job Role: INFORMATION SECURITY OFFICER
Candidate must be in UAE. Experience: Min 7 years

JOB SUMMARY
The Information Security Officer shall be responsible for performing information security reviews (TRA, Project Review, RCSA review, Change Request review, etc.) and ensuring compliance with the security policies and regulatory requirements.
The purpose of the job is:
To study the TRA pre-requisites like TRAQ and Design, and then conduct the Tech Risk Assessments for various banking IT applications and infrastructure components.
To discuss and review with various IT stakeholders to complete the IT RCSA, identifying the control design adequacy and operating effectiveness.
To participate in IT change management committee (CMC) meetings, to study changes proposed in the design and enhancement of various IT applications and raise security concerns to be addressed by IT, to participate in change approval board (CAB) meetings, and also to review and approve change requests.

KEY ACCOUNTABILITIES
Understand and deliver security compliance requirements at UAE.
Highlight security status and concerns to management.
Perform risk assessments.
Consult with IT and information security staff to ensure that an implementation plan is established.
Track open audit issues on information security to closure.
Perform risk assessments for local implementations.
Review change requests.
Maintain MIS as required.

ROLES AND RESPONSIBILITIES
Actively contribute to the security risk management program for the bank.
Discuss with IT the risk control self-assessment of IT service catalogue services, and identify and highlight control deficiencies.
Review BRDs, Solution Design, Concept Design and any other requirements from various business units and IT to ensure they meet the security policies of the company.
Conduct comprehensive risk assessments for new application and infrastructure implementations or major enhancements.
Continuously update the comprehensive risk and control library and coordinate with the GRC team for automation.
Track risk remediation plans and escalate if required.
Maintain and track IT exceptions whenever required.
Maintain all documentation related to tech risk assessments as per the prescribed format.
Keep all risk assessment records in the repository and the Risk Library updated.
Maintain a threat library relevant to various technologies and do the necessary mapping and inference to the risks reported.
Conduct control effectiveness assessments for NESA-scoped IT services and infra services on a sample basis.
Review the PCI DSS compliance for regional locations as applicable.
Study the risk assessments for new application and infrastructure implementations or major enhancements and ensure risks are mitigated as part of the design presented in the CMC (change management committee).
Review and approve IT changes as part of the weekly change approval board (CAB).
Track and escalate changes implemented with target risk remediation plans.
Review emergency change requests and support IT in emergency CR deployment by providing security recommendations.
Coordinate and collaborate with risk assessment personnel in sharing key inputs from CMC and CAB meetings to increase the effectiveness of risk assessments.
Respond to queries from local Regulatory Authorities / Law Enforcement Agencies Head Office in a timely manner with complete and accurate information.
Review and assess the regulatory compliance circulars/notices and security controls as applicable.
Review Management Dashboards/Security MIS as required.

ELIGIBLE CANDIDATE PROFILE
Bachelor (or) Masters in Engineering/Technology (or) Master in Science graduates with 6+ years of experience in information security.
Candidates with certifications like CISA, CRISC, CISSP will be desirable.
Experience: information security: 7 years (Preferred)

6 days ago
Abu Dhabi, United Arab Emirates
RN Trust