Description:
In this hybrid CISO/DPO role, you will play a pivotal part in safeguarding our systems, data, and customer information. You will develop and implement robust security frameworks, ensure compliance with VARA's cybersecurity and data protection standards, and lead our organization’s efforts to mitigate risks and respond effectively to security threats.
Key Responsibilities:
Cybersecurity Leadership (CISO Responsibilities):
- Framework Development: Design and implement a comprehensive cybersecurity framework, including policies, procedures, and standards to protect systems and data.
- Risk Management: Conduct regular risk assessments to identify vulnerabilities and mitigate threats.
- Security Controls: Oversee the deployment and maintenance of security measures such as firewalls, intrusion detection systems, encryption, and access controls.
- Incident Response: Develop and manage a detailed incident response plan to address security breaches promptly and effectively.
- Compliance: Ensure compliance with VARA's cybersecurity regulations and provide regular updates to management.
- Threat Intelligence: Monitor emerging cybersecurity risks and proactively address potential vulnerabilities.
Data Protection Leadership (DPO Responsibilities):
- Compliance Oversight: Ensure all data processing activities comply with VARA regulations and applicable data protection laws.
- Advisory Role: Provide expert guidance on data protection principles, best practices, and compliance requirements.
- Training & Awareness: Educate employees and management about cybersecurity and data protection principles.
- Incident Management: Serve as the point of contact for data breach notifications and manage responses effectively.
- Data Subject Rights: Address data subject access requests and handle complaints related to data protection.
- Regulatory Liaison: Act as the primary contact for VARA and other regulatory authorities on data protection and cybersecurity matters.
Qualifications:
- Education: Bachelor’s degree in Computer Science, Cybersecurity, Law, or a related field.
- Experience: At least 5 years of experience in cybersecurity and data protection, preferably in financial services or cryptocurrency.
- Technical Expertise: Strong understanding of network security, cryptography, data protection principles, and security tools.
- Regulatory Knowledge: Comprehensive understanding of VARA-UAE regulations and other relevant data protection frameworks.
- Certifications (Preferred): CISSP, CISM, CISA, GDPR Certification, or equivalent.
- Skills: Excellent analytical, problem-solving, and communication skills. Strong leadership and the ability to foster a security-conscious culture.