Role description

The Cybersecurity Head is responsible for the Cyber protection of the organisation through the development and implementation of a Cybersecurity framework and policy covering all Enterprise Technologies. This includes conducting periodic organisational Cyber risk assessments to confirm compliance and that appropriate controls are in place. The role is also responsible for developing and enhancing the Cybersecurity-related business continuity policies, for delivering Cybersecurity training and raising awareness of Cyber issues across the organisation, and for monitoring staff performance and providing continuous feedback and support to foster improvement within the section.

Job Specific Responsibilities:

  • Develop the enterprise Cybersecurity policy and framework in alignment with relevant regulations and standards and ensure their implementation
  • Ensure Cybersecurity is integrated into Enterprise Technology projects; this includes confirming that security requirements are considered from the outset and verified through acceptance tests conducted in coordination with the various Enterprise Technology teams
  • Oversee periodic Cybersecurity reviews and audits and ensure compliance of the company's functions with Cybersecurity standards, regulatory requirements and policies; this includes ensuring the organisation's senior management reviews the Cybersecurity status regularly and takes corrective action as necessary
  • Manage the identification and maintenance of an inventory of the organisation's information assets and ensure it is accurate and up to date
  • Ensure effective access management for employees and contractors, granting access on a need-to-know and need-to-use basis with appropriate documentation and approval
  • Ensure effective protection of information systems and information processing facilities, and define the list of authorised software and versions required for each system or system type
  • Ensure effective email protection, using email filters to block phishing emails, restrict downloads of dangerous content not required for business, and scan emails for malware
  • Ensure effective mobile device security through separation and encryption of the organisation's data and information stored on mobile devices
  • Ensure effective data and information protection within the organisation by reviewing classification schemes, defining standards for labelling information assets, defining rules for sharing sensitive information, etc.
  • Define the backup and recovery management requirements needed to ensure data security, including the backup requirements for critical data based on its level of criticality and organisational requirements, and work closely with Enterprise Technology teams to ensure appropriate implementation and monitoring
  • Oversee periodic external and internal penetration tests, and ensure corrective actions and mitigations are implemented when necessary
  • Develop a Cybersecurity event log policy and monitor events as necessary to protect the best interests of the organisation; this includes ensuring systems produce event logs that help detect, understand, prevent, or recover from attacks and incidents
  • Oversee Cybersecurity incident and threat management activities, which includes activating the incident response procedures when an incident or threat is detected, and defining management responsibilities and procedures to ensure a quick, effective, and orderly response to security incidents or threats
  • Ensure alignment of the SOC and SIEM effort and activities in coordination with the System Operator team
  • Develop the Cybersecurity Business Continuity policies and plans in coordination with Enterprise Risk Management and Business Continuity Management to ensure Cybersecurity is fully covered within incident response and business continuity planning
  • Ensure Cybersecurity checks are embedded in the talent management cycle, especially during hiring and termination of employees; this includes background checks for candidates expected to have access to sensitive information, and ensuring that important knowledge held by terminated employees or contractors is documented, retained and transferred to the organisation
  • Develop Cybersecurity awareness, training and communications in coordination with the Human Capital and Corporate Communications teams; this includes assessing the organisation's current awareness level and training requirements and defining an appropriate plan
  • Work closely with colleagues in the Enterprise Technology and Cyber function and the various departments within the organisation to ensure appropriate support and collaboration exists to achieve the organisational objectives

Standard Responsibilities:

  • Contribute to the development and execution of department strategy, policies and procedures in alignment with the functional objectives taking into account the changing needs of the company.
  • Manage the activities of direct reports to ensure that all work is carried out in an efficient manner, in line with the section plans, and policies and procedures
  • Provide input into the preparation and consolidation of the function’s budget and advise line management on risks and opportunities
  • Identify and implement opportunities for continuous improvement of systems, processes and practices, taking into account international leading practice and changes in the business environment and leveraging insights. This includes managing the related change management efforts.
  • Ensure that all relevant reports are prepared accurately and on time, and meet the section's requirements, policies and standards.

Knowledge, Experience and Skills

EXPERIENCE LEVEL:

Essential Requirements:

  • Minimum of 10 years of practical experience in designing and implementing Cybersecurity and Information Security standards and requirements
  • Minimum of 4 years managing Cybersecurity and Information Security design and implementation
  • Minimum of 2 years in a Cybersecurity Operations (SOC) environment
  • Experience in implementing the NIST Cybersecurity Framework and ISO/IEC 27001
  • Experience in the following areas:
    • Overall IT security engineering, with hands-on experience of a diverse range of security technologies
    • Access Control Systems and Methodology
    • Communications & Network Security
    • Web server, application and database layers
    • Cryptography (Encryption technologies & Key handling)
    • Security Architecture Analysis
    • Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
    • Physical Security Considerations
  • Experience in a multinational company

Desirable Requirements:

  • Experience in a diverse/multicultural business industry (obtained from medium to large organisation)
  • Experience in the Energy and Utility sector
  • Experience in applying data privacy controls and requirements (GDRFA)
  • Experience in implementing standards and ensuring compliance with local regulations (NCEMA, Abu Dhabi Digital Authority (ADDA), Cybersecurity Council)
  • Experience in implementing the UAE Information Assurance Standards (from NESA/TRA)

EDUCATION LEVEL:

Essential Requirements:

  • Bachelor’s degree in Cybersecurity, Computer Engineering, Computer Science, Enterprise/Information Technology, Information Systems or related field
  • Must hold at least one of the following Cybersecurity-related certifications: CISA, CISSP or CISM

Desirable Requirements:

  • Master’s degree in Cybersecurity, Computer Engineering, Computer Science, Enterprise/Information Technology, Information Systems or related field
  • One of the following (trained and certified): an Information Assurance certification (CSSP or equivalent) from an accredited and recognised body such as CREST, IRAP, ACSC or NCSC; an offensive security certification such as OSCP or OSCE; or a data privacy related certification

Essential skills

Cybersecurity, CISA, CISSP, CISM, CSSP, Cybersecurity Operations (SOC)

Based in the United Arab Emirates, Arunima has been with Thomas Thor since 2016 and is a Senior Recruitment Consultant with international recruitment experience.

Arunima Dipu