- Security Policy Development and Implementation
Develop, implement and maintain comprehensive information security policies, procedures and guidelines.
Ensure that security policies are aligned with business objectives and comply with regulatory requirements.
- Risk Management
Conduct regular risk assessments and vulnerability analyses.
Identify potential threats and vulnerabilities and develop mitigation strategies.
Implement and monitor security controls to manage and mitigate risks.
- Incident Response
Develop and maintain an incident response plan.
Lead the response to security incidents and breaches, including investigation, containment and recovery efforts.
Conduct post-incident analyses and report findings to senior management.
- Compliance and Auditing
Ensure compliance with relevant regulations and standards (e.g. ISR DESC Standards, ISO 22301, ISO/IEC 27001).
Coordinate and oversee internal and external security audits.
Prepare and submit necessary compliance reports.
- Security Awareness and Training
Develop and deliver security awareness training programs for employees.
Promote a culture of security awareness within the organization.
Ensure that staff are aware of security policies and procedures.
- Monitoring and Reporting
Implement and manage security monitoring tools to detect and respond to threats.
Regularly review security logs and reports to identify and address security issues.
Regularly review security VAPT reports and make sure they are closed.
Provide regular reports on the status of the information security program to senior management.
- Collaboration and Advisory
Work closely with IT and other departments to ensure security measures are integrated into all aspects of the organization's operations.
Serve as a key advisor to senior management on information security matters.
Collaborate with external partners and stakeholders to ensure a comprehensive security posture.
- Ability to prioritize a wide range of workloads with critical deadlines.
- Availability outside of working hours to resolve emergency issues promptly.
Requirements
- 5-8 years of Information Security Governance, Risk and Compliance experience
- Bachelor's degree in information security or relevant degree
- Relevant certifications such as CISSP, CISM, CEH, ISO 27001 Lead Auditor, ISO 23001 Lead Auditor or CISA are highly
- Experience in implementing the ISR/DESC standards.
Main tasks:
1. Follow up on official correspondence and communications received by the Executive Director's Office, which include (letters, e-mails) to ensure that the necessary measures are taken.
2. Preserving correspondence, and official documents within an integrated document preservation system.
3. Follow up on the status of messages received from all sectors and departments of the Authority.
4. Preparing for the evaluation of the Office of the Executive Director.
5. Covering the duties of the Executive Director's secretary during his vacation.
6. Preparing monthly reports related to correspondence to the Executive Director.
7. Managing incoming/outgoing correspondence from the Office of the Executive Director through the Tarasul system.
8. Follow up co-ordination with the office of the Director General and Chairman of the Board of Directors to ensure that all directives and instructions of the Director General and Chairman of the Board of Directors are implemented.
9. Ensuring that correspondences that do not have a specific end date are not delayed for more than two months.
10. Ensuring that all requirements are provided on time and that their completion is not delayed.
11. Receiving messages (forms, minutes of meetings) that require the approval of the Executive Director and sending them to the concerned authority upon approval.
12. Periodic follow-up and updating of the shared file.
13. Following up on matters related to the Office of the Executive Director and preparing and implementing the tasks assigned to me, including minutes of meetings, PowerPoint presentations
Education
Bachelor's/Master's in Technology