We are currently seeking an IT Compliance Officer for our office in Dubai, United Arab Emirates.The Consultant provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of the company’s electronic information by communicating risk to senior management, creating, and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements. To support these activities, the Specialist coordinates activities with other departments and security vendors, including the evaluation, procurement, and deployment of security-related products and develops and coordinates information security awareness and education programs. Additionally, the Specialist ensures the security controls are in place for all identified and anticipated risks that affect the organization.
The ability to understand hardware and software systems.
The ability to maintain confidentiality in regard to information processed, stored, or accessed by the systems.
The ability to manage multiple concurrent projects and to reason analytically.
Ability to identify cyber security risks and develop risk mitigation plans.
Effective verbal and written communication skills and proficiency in writing technical specifications.
The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds.
Project Management Skills
Essential Duties & Responsibilities:
Creates information security strategies, both short-term and long-range, in support of the organization’s goals.
Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the Organization’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
Communicates risks and recommendations to mitigate risks to the senior administration by communicating in non-technical, cost/benefit terms and in a format relevant to senior administrators so decisions can be made to ensure the security of information systems and information entrusted to the Organization.
Oversees all ongoing activities related to the development, implementation, and maintenance of the Organization’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the Organization and assisting departments in local process and procedure development, ensuring they are not in conflict with Organization policies.
Assists other departments to ensure regulatory compliance in areas such as the UAE Information Assurance Standard (SIA Compliance), ADHICS Standard, Payment Card Industry – Data Security Standards (PCI-DSS) and other Privacy and security regulations issued by legal and regulatory bodies time to time.
Participate in the Information Security Management Committee (ISMC) and coordinates the activities of ISMC so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of Organization information.
Ensures vulnerabilities are managed by directing periodic vulnerability scans of applications, networks, servers, and other endpoints connected to the Organization. An effective patch management system is in place and proactively acted upon to ensure that all vulnerabilities are fixed within a reasonable timeframe.
Develops information security awareness training and education programs, works with other Organization entities to present them to staff, partners, and contractors, as appropriate.
Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
Evaluates security incidents in coordination with the Security Operations Center and determines what response, if any, is needed and coordinates Organization responses, including technical incident response teams, when sensitive information is breached.
Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
Contributes to the overall success of the organization by performing all other duties and responsibilities as assigned.
Identify actions items from regulatory, cyber security audit and risk assessment reports as well as recommendations from security advisors and lead the remediation programs.