Senior Specialist – Information Security

October 2, 2023

Job Description

<p><strong>Position: Senior Specialist – Information Security</strong></p><p><strong>Business Unit: Information Management</strong></p><p><strong>Reports to: Manager – Information Security &amp; Governance</strong></p><p><strong>Announcement Closing date: 25 July 2023</strong></p><p><br></p><p><strong>JOB PURPOSE:</strong></p><p>To lead the protection of the confidentiality, integrity and availability (CIA) of OIA’s information assets through the implementation of security solutions and initiatives, to analyze current systems for vulnerabilities, oversee daily cyber security operations, and protect OIA against cyber threats and attacks by promptly monitoring and responding to security events. Ensure compliance with the adopted Information Security Management System and any other compliance requirements.</p><p><br></p><p>Lead assessment of Information Security Risks, identify Information Security gaps and lead mitigation. Lead Information Security Incident Response and disaster recovery assessments/drills.</p><p><br></p><p><strong>Key Roles &amp; Responsibilities:</strong></p><ul><li>Participate in developing an Information Security Strategy that is in line with corporate and IM strategy and takes technology advancement into consideration.</li><li>Develop IS baselines that are aligned with international best practices and standards. 
For example, baselines for software, hardware, networks, and data centers to ensure the quality of security services.</li><li>Plan, assess, recommend, implement, test and manage security controls and protection systems that are used to prevent and/or detect security breaches and events.</li><li>Oversee Security Operation Center related tasks and duties for monitoring OIA network, services and systems.</li><li>Ensure team compliance with adopted procedures when conducting day-to-day operational tasks to maintain quality service and safeguard information by following organization standards.</li><li>Assess and demonstrate the added value and ROI of implemented security solutions and initiatives on a regular basis.</li><li>Produce SOC reports.</li><li>Perform periodic information security reviews, vulnerability assessments and pen testing to identify and solve threats and vulnerabilities and establish safeguards for information systems.</li><li>Work alongside different team members to analyze and investigate potential threats. Support corporate-led security audits and Risk Assessments to determine security violations and inefficiencies.</li><li>Conduct regular Information Security Risk Assessments, and report and follow up accordingly.</li><li>Produce timely and prompt reports on identified risks, threats and vulnerabilities.</li><li>Participate in developing IS Incident Response Strategy.</li><li>Participate in developing IS Forensics Strategy.</li><li>Lead planning, developing and testing OIA’s IS Incident Response Procedure(s).</li><li>Lead planning, developing and testing OIA’s IS Forensics process and procedure(s).</li><li>Establish external contacts for reporting, escalating and getting support to handle incidents or conduct forensics, if required.</li><li>Produce comprehensive and prompt incident reports.</li><li>Automate Incident Response.</li><li>Analyze IR &amp; Forensics procedures to look for areas of improvement.</li><li>Participate in ensuring availability of Disaster 
recovery facility by conducting regular DR drills that cover the different scenarios DR is expected to cover (switchover &amp; failover) and to test DR RTO and RPO.</li><li>Maintain DR documentation by ensuring DR procedures are documented, DR SLAs are approved and communicated, and DR test cases are available and up to date.</li><li>Arrange for and manage DR drills, both IT DR drills and drills that involve business users.</li><li>Report on DR drills to identify success factors, failures, lessons learned, action points, etc.</li><li>Ensure, review and track compliance with applicable internal requirements from OIA.</li><li>Ensure, review and track compliance with applicable external (local or international) requirements. For example, compliance with MTCIT, CDC, GDPR, CBO, standards such as ISO27001, etc.</li><li>Report noncompliance(s).</li><li>Stay up to date on applicable compliance requirements and standards by attending trainings and workshops, joining interest groups, self-educating, establishing contacts with external and internal regulators, etc.</li><li>Develop relevant IS baselines/requirements that ensure secure software.</li><li>Quality-assure software on a regular basis for security vulnerabilities and risks as well as monitor the software for external intrusions, attacks, and hacks to assess the current situation, evaluate and anticipate security requirements.</li><li>Advise on new software requests.</li><li>Monitor day-to-day IS operations (Network Detection &amp; Response, Log Analysis, Vulnerability Management, Incident Management, Request management, Threat Intelligence feed analysis, etc.), to maintain and upgrade OIA’s network and infrastructure systems.</li><li>Delegate day-to-day and support tasks.</li><li>Participate and lead in the planning, coordinating, developing, and execution of internal Information Security Awareness Programs.</li><li>Attend to IS awareness requests from OIA SOEs to provide guidance and support as feasible.</li><li>Conduct the assessment 
of OIA staff IS awareness level (for example, by conducting social engineering and phishing assessments, etc.).</li><li>Report on IS awareness program effectiveness.</li><li>Attend to advisory requests from OIA business functions or from OIA SOEs and give guidance as a subject matter expert.</li><li>Assist the management with providing appropriate governance, intelligence, and response pillars to serve as the “Subject Matter Expert” on the technical guidance to various projects.</li><li>Self-educate to ensure staying up to date with relevant technology advancements and emerging solutions.</li><li>Provide regular updates to the team on the latest security technologies to maintain technical knowledge and keep up with emerging trends.</li><li>Provide periodic or on-request status reports to the Manager – Information Security &amp; Governance for all related issues along with an up-to-date inventory to keep management up to date on all Information Security operations and relevant team KPIs.</li><li>Comply with the implementation of the Information Security &amp; Governance’s departmental policies and procedures, to ensure that all relevant procedural and legislative requirements are fulfilled.</li><li>Comply with all relevant health, safety, and quality requirements, in order to guarantee employee safety and legislative compliance.</li><li>Contribute to the identification of opportunities for continuous improvement of systems, processes and practices considering ‘leading best practices’, improvement of business processes, cost reduction and productivity improvement.</li></ul><p><br></p><p><strong>Minimum Requirements:</strong></p><p><strong>Education &amp; Qualifications:</strong></p><ul><li>Bachelor’s Degree in Computer Science, Computer Engineering, IT, or any relevant field.</li><li>8 to 10 years of related experience</li><li>CompTIA – Security+</li><li>Certified Information Systems Security Professional (CISSP)</li><li>EC-Council – Certified Ethical Hacker 
(CEH)</li><li>ISACA – Certified Information Systems Auditor (CISA)</li><li>GIAC – Security Essentials (GSEC)</li><li>Proficiency in MS Office is essential (especially Excel and PowerPoint)</li><li>Experience with the following domains is desirable:</li><li>Vulnerability Management</li><li>SIEM Solution</li><li>NDR Solution</li><li>EDR Solution</li><li>NGFW, VPN, IDS, IPS, load balancers, etc.</li><li>Server Systems (Linux, UNIX, Windows)</li><li>Network Experience</li><li>Ethical Hacking or Penetration Testing</li><li>Incident Response</li><li>ISO27001 ISMS</li><li>Risk Assessment</li><li>Fluency in English is essential</li><li>Fluency in Arabic is advantageous</li></ul>