Senior Analyst Information Security

 

Description:

Support seamless adoption, implementation & management of Information security standards and procedures within the organization to

ensure security and protection of ADX information, supplementary data and supporting infrastructure

General Responsibility:

 Effective development and implementation of Information Security policies, procedures and controls covering all areas of

assigned department activity so that all relevant procedural/legislative requirements are fulfilled with quality and within the

defined timeline.

 Identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering

global standards, productivity improvement and cost reduction.

 Day to day operations and requests with regards to the information security assurance.

Job Specific Responsibility

Information Security Activities (Governance, Risk & Compliance):

Develop, implement, and maintain the information security program of ADX as per local and international standards and

in alignment with ADX vision and strategy.

Develop and review information security policies and procedures according to the industry best practices and relevant

standard requirements.

Develop guidelines and procedures for various controls procedures according to the industry best practices and relevant

standard requirements.

Coordinate with ADX stakeholders to ensure adequate implementation of information security controls and practices in

accordance with ADX information security policies.

Manage day to day operations and requests with regards to the information security assurance.

Establish and maintain a single framework to manage multiple management systems more efficiently under an Integrated

Management System (IMS).

Measure the effectiveness of the information security program and report progress to IMS Committee.

Continually introduce improvements to IMS and information security program according to the results of effectiveness

measurements and internal/external audit findings.

 

Create and lead a security awareness program to provide awareness and trainings throughout the organization using

different methods and techniques to increase the maturity level of company staff in information and cyber security awareness

and practices.

Analyze data privacy risks, develop and implement data privacy policies and procedures, monitor compliance, and

conduct data privacy training for company’s staff.

Periodically assess the maturity of people, processes and technology used to ensure safe and secure operation.

Work closely with external regulators on the implementation of UAE Information Assurance Standard and report all

related matters.

Ensure possible measures so that contractors and third parties apply adequate security for the protection of sensitive information.

Assess risks to information assets by looking for potential impacts that can happen and threaten the company and then plan for

treatments to reduce these risks in alignment with Enterprise Risk Management policy.

Ensure continuous compliance with regulatory and standard requirements of UAE Information Assurance Standard and

ISO27001 through internal and external audit engagements.

Management and maintenance of information security risk register.

Conduct Information & cybersecurity awareness (digital & physical sessions)

Conduct Access review covering all the company’s assets.

Ensure that all reports are prepared timely and accurately and meeting company’s requirements, policies, and quality

standards.

Qualification and Experience

Certifications: ISO courses and certificates (27001)

Good Understanding of local information security standards and the UAE’s regulatory environment

Minimum 4-6 years of experience in information security in Financial Services (banking, Insurance, exchanges).

Advanced level of English (written and spoken)

Arabic (written & spoken) skills preferred.