Manager - IT Security - Dubai, United Arab Emirates - GEMS Education

Posted by: Ahmed Al-Mansouri, beBee Recruiter


Description
About the Role


The Manager - IT Security is responsible for establishing and maintaining a corporate-wide management program to ensure the information assets are adequately protected.


This position is responsible for identifying, evaluating, and reporting on information security, data protection, and data privacy risks in a manner that meets the operational, compliance, and regulatory requirements, and aligns with and supports the operations and risk appetite of GEMS Education.


Key Accountabilities:


  • Develop, implement, and monitor a comprehensive enterprise information security and data privacy risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
  • Facilitate information security and data privacy governance through the implementation of a governance program, including the formation of an information security steering committee or advisory board.
  • Develop, maintain, and publish up-to-date information security and data privacy policies, standards, and guidelines. Oversee the approval, training, and dissemination of the policies and practices.
  • Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, and other service providers.
  • Develop and manage information security budgets (as assigned by the CIO) and monitor them for variances.
  • Create and manage information security and data privacy awareness training programs for all employees, contractors, and approved system users
  • Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  • Provide regular reporting on the status of the information security and data privacy program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
  • Create a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.
  • Develop and enhance an information security management framework based on industry best practices, such as International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT, and the National Institute of Standards and Technology (NIST).
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
  • Coordinate information security, data privacy, and risk management projects with resources from the IT organization and business unit teams.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety of ever-changing requirements resulting from applicable laws, standards, and regulations. Ensure that security programs follow such laws, regulations, and policies to minimize or eliminate risk and audit findings.
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
  • Manage IT security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
  • Coordinate the use of external resources involved in the information security and data privacy program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Develop and oversee effective Business Continuity Management and IT Disaster Recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
  • Liaise with the Legal team to review new and existing third-party contracts to ensure information security and data privacy requirements are incorporated.
  • Ensure implementation and regular review of technical information security and data privacy measures to protect corporate IT assets, sensitive information, and personal data.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.

Qualifications, Experience & Skills:


  • Minimum of a Bachelor's degree in Science (BS), Degree in Information Security, Computer Science, Engineering, or a related technical degree. A Master's degree is preferable.
  • Minimum of 5 years of work experience in Information Technology Security
  • Knowledge of common information security management frameworks, such as ISO/IEC 2
