Specialist Information Security

Tabreed

The Role

Overview

Lead cyber security architecture, risk management, and compliance across IT/OT

Key Responsibilities

  • security architecture
  • risk assessment
  • compliance management
  • security assessments
  • tool evaluation
  • incident response

Tasks

  • Assist in establishing key performance indicators to monitor changes in cyber risk.
  • Consult on application or infrastructure development projects to harmonize systems or infrastructure.
  • Make appropriate recommendations for security enhancements to the line manager or any external vendor providing services, including tools, technologies, services, policies, procedures, and other areas as needed.
  • Act as the primary interface with the Tabreed stakeholders to architect the defensive model and implement cyber security controls across Tabreed IT & OT systems for desired risk reduction.
  • Work with multiple stakeholders to identify areas for cyber risk reduction on the IT infrastructure and OT systems.
  • Work with the compliance team to establish policies/standards/guidelines to ensure systems record user activities and access to sensitive data in support of insider risk management.
  • Create solutions that balance business requirements with information and cybersecurity requirements.
  • Maintain security guidelines, procedures, standards, and controls documentation.
  • Design, build, implement, and support enterprise-class security systems.
  • Coordinate and conduct black/white box security assessments with industry-standard security tools.
  • Assist with designing the governance activities associated with ensuring compliance with Information Security Policies.
  • Participate in and lead design sessions with Finning personnel as well as external parties.
  • Security systems development, testing, analysis, and implementation.
  • Collaborate with other members of the cybersecurity team to develop new protocols, layers of protection, and other proactive and defensive systems that stay one step ahead of cyber criminals.
  • Attend all regular, special, and emergency meetings regarding cyber and information security.
  • Define high-level migration plans to address the gaps between the current and future state, typically in sync with the budgeting or other planning processes.
  • Build risk awareness amongst the team by providing support and training.
  • Develop and implement a software security compliance program that takes a risk-based approach to ensure appropriate compliance with policies/standards/guidelines.
  • Report the risk tailored to the relevant audience.
  • Research new technology to determine what would best support the organization in the future.
  • Work independently on technical issues and recommend design solutions.
  • Analyse current risks and identify potential risks in responsibility.
  • Monitor and ensure compliance with standards, policies, and procedures.
  • Contribute to awareness and outreach efforts both internally and externally.
  • Communicate with senior leadership on cyber security strategic issues and current risks.
  • Maintain a working knowledge of current cybercrime tactics.
  • Oversee compliance with applicable laws, rules, and regulations related to cyber and information security.
  • Design security architecture elements to mitigate threats as they emerge.
  • Regularly review the operation of security controls and recommend changes designed to improve effectiveness and/or counter emerging risks.
  • Lead the evaluation of the potential impact of implementing different cyber risk reduction methods (i.e., cyber security controls) within the IT infrastructure.
  • Direct and oversee the evaluation of security tools and make acquisition recommendations to the IT Security Manager.
  • Assess Tabreed’s defensive strategy and the implementation of the cyber security program.
  • Comply with Health, Safety and Environment Policies (mandatory for all).
  • Develop, support, and advance strategies, policies, programs, and projects designed to continually improve and enhance cyber and information security posture and resiliency.
  • Regular generation of reports for executives and administrators.
  • Provide an evaluation on current milestone delivery and regulatory compliance.
  • Lead the development of a risk management strategy to include a cyber security control implementation strategy for effective and sustainable risk reduction.
  • Lead efforts to evaluate and select vendors for security assessments, penetration testing, and other similar security services.
  • Act as a liaison with the UAE regulatory authority to validate that cyber security performance meets or exceeds regulatory expectations for protection against the design basis threat.
  • Manage budgets, maintain financial forecasts, and develop and present business cases.
  • Lead the development of a risk reduction strategy for the protection of Tabreed critical systems and associated critical digital assets (CDAs).
  • Lead the conduct of cyber-security self-assessment initiatives based on international standards, national standards, and state of practice.
  • Establish objectives and milestones and manage activities to deliver high-quality results within budget and schedule.
  • Lead the development of a corrective action plan for achieving desired risk reduction and maturing program elements.
  • Follow the international framework designed to standardize the selection, planning, delivery, and maintenance of IT services within a business.
  • Lead the creation of deliverables related to the design and analysis of technology solutions to ensure that solutions meet business and operation needs.
  • Development of threat prevention strategies.
  • Lead the analysis of the current technology environment to detect critical deficiencies and recommend solutions for improvement.
  • Conduct incident response analyses; develop.

Requirements

  • cissp
  • azure
  • siem
  • incident management
  • risk management
  • project management

What You Bring

  • Strong proficiency in Incident Management and Response.
  • Experience in threat management and threat intelligence.
  • Familiar with the basic principles of organizational change management, and understanding of how to apply these principles.
  • Minimum 5 years’ experience in Information Technology (IT) & Operational Technology (OT) cyber security.
  • Project management skills: financial/budget management, scheduling, and resource management.
  • Experience with contract and vendor negotiations, and expertise in negotiating complex contracts and managing vendors, including design and tracking of Service Level Agreements (SLAs).
  • Knowledge of many, if not most, aspects of information security architecture.
  • Understanding of network and enterprise architecture.
  • Certifications: CISSP or CISM, Network and security, Microsoft Azure Administrator Certification, and Industrial Cybersecurity.
  • Experience in security device management and SIEM.
  • Demonstrate a solid understanding of infrastructure, virtualization, cybersecurity standards, and operating procedures.
  • Bachelor’s degree holder in Computer Science/Engineering or equivalent knowledge.
  • Ability to develop a comprehensive understanding of Finning’s business, market and industry and relate that knowledge to identified operations and IT-related risks.
  • Ability to estimate the financial impact of risk mitigation alternatives.
  • Flexibility to work in shifts as required.
  • Hands-on experience running mission-critical cybersecurity operations.
  • Ability to understand the long-term ("big picture") and short-term perspectives of situations.
  • In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
  • Exhibit excellent analytical skills and the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • High level of personal integrity as well as the ability to professionally handle confidential matters and to show an appropriate level of judgment and maturity.
  • Proven experience building a service-oriented organization and driving or promoting a service delivery model.
  • Broad knowledge across all areas of the Technology Architecture domain, including Cloud Computing (IaaS, PaaS, AWS, Azure, etc.), Data Center, Data Storage Technologies, Virtualization, server platforms (Windows and Linux), Desktop, mobility solutions, systems monitoring/management, data protection, high availability/clustering, network (WAN/LAN/WLAN, etc.), and Security (Firewall, IDS/IPS, VPN, etc.).
  • Response to security threats, attacks, and similar events.
  • Self-starter, accountability, and the ability to work with little supervision.
  • Risk Management (mandatory; line manager discretion).
  • Due to the nature of 24/7 operation, may be required to work after hours or on weekends.
  • Ability to quickly comprehend the functions and capabilities of new technologies.
  • Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.

Benefits

  • Limited travel to project sites

The Company

About Tabreed

  • Grew from a 3-person startup to a publicly listed company owning and operating over 90 plants across multiple countries including UAE, Saudi Arabia, Oman, Bahrain, India, and Egypt.
  • Financially solid and publicly traded on Dubai Financial Market, supports major regional expansions via sukuk and bond issuances.
  • Expertise spans design, build, operation, and maintenance of district cooling networks, often integrated with projects like metros, malls, hospitals, and mixed-use complexes.
  • Innovates with AI control systems and renewable-energy trials.

Sector Specialisms

District Cooling

Energy Efficiency

Buildings

Government

Residential

Commercial

Industrial

Urban Development

Sustainable Cooling

Infrastructure