Information Security Analyst - Abu Dhabi, United Arab Emirates - NMC Healthcare

NMC Healthcare

Verified Company

Abu Dhabi, United Arab Emirates

1 week ago

Posted by:

Ahmed Al-Mansouri

beBee Recruiter

Description

Responsible for planning, developing, implementing, measuring, and maintaining of the security awareness and training program to ensure secure behaviors are implemented and followed by all employees, and to create a mature security culture within the organization to reduce cyber risks.

Develop the strategy, goals, and objectives for the cyber security training, and awareness program.
Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Plan training and awareness strategies such as sessions, demonstrations, interactive exercises, multimedia presentations, video courses, webbased courses for most effective learning environment.
Conduct interactive training exercises to create an effective learning environment.
Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.
Provide direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
Develop computerbased training and awareness modules, learning objectives and goals, and awareness assessments for measuring and assessing employees' proficiency.
Review training and awareness documentation (e.g., Content Documents).
Create and deliver training and awareness courses tailored to the audience and physical environment
Conduct training and awareness needs assessments and identify requirements.
Design training and awareness curriculum and course content based on requirements.
Develop training policies and protocols for cyber training.
Advocate for adequate funding for cyber training resources, to include both internal and industryprovided courses, instructors, and related materials.
Plan and coordinate the delivery of training and awareness techniques and formats (e.g., video courses, mentoring, webbased courses, lectures, demonstrations, interactive exercises, multimedia presentations) for the most effective learning environment.
Ensure that training meets the goals and objectives for cybersecurity training and awareness.
Conduct periodic reviews/revisions of training and awareness content for accuracy, completeness alignment, and currency.
Develop or assist with the development of privacy training and awareness materials and other communications to increase employee understanding of organization privacy policies, data handling practices and procedures and legal obligations.
Ensure that the cyber security awareness program communicates the security policies and requirements.
Ensure security awareness information is updated on regular basis and reflects the latest security trends and threats.
Collect and maintain data needed to meet system cybersecurity reporting.
Identify top human risks in the organization.
Establish and maintain communication channels with stakeholders.

Education and Certification

Bachelor's degree in computer science, cybersecurity, information technology or relevant to the field.
CompTIA Security+
CompTIA Network+
CySA+: Cyber Security Analyst Certification
CSAP: Certified Security Awareness Practitioner
GRCP: GRC Professional (preferred)
ISO 27001 Lead Auditor/Implementer (preferred)

Knowledge

Risk management processes (e.g., methods for assessing and mitigating risk).
Cybersecurity and privacy principles.
Technology that can be exploited.
Multiple cognitive domains, tools, and methods applicable for learning in each domain.
Learning assessment techniques (evaluation plans, tests, quizzes).
Computer based training and elearning services.
Personal Health Information (PHI) data security standards.
Instructional design and evaluation models.
Organizational training policies, processes, and procedures.
Training and awareness levels, modes, styles, principles, and methods.
Learning Management Systems and their use in managing learning.
Media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media.
Principles and processes for conducting training and awareness needs assessment. Cyber competitions as a way of developing skills by providing handson experience in simulated, realworld situations.

Skills:

Communicating with all levels of management (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). Using social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
Talking to others to convey information effectively.
Utilizing or developing training and awareness technologies and activities (e.g., scenarios, instructional games, interactive sessions).
Utilizing feedback to improve processes,