Vice President Information Security and Governance

Develop and implement department strategy following Daman strategy, set departmental and operational goals and initiate measures to reach goals and to improve department performance

Lead performance management process evaluating progress against departmental goals

Responsible for result-oriented management and development of people/resources, incl. provision of strong day-to-day leadership presence involving resource allocation, monitoring, reporting, and conducting regular staff meetings

Manage department expenditure and requirements, minding the impact on the financial budget

Foster organisational culture by establishing quality awareness and service orientation and complying and implementing processes such as Project and Change Management

Initiate, develop, implement and ensure adherence of policies and procedures

Promote the recruitment and development of UAE Nationals to contribute to Daman’s strategic goals

Department specific:

Create information security program in collaboration with all stakeholders such as Information Technology Services Leadership to build and maintain a multi-year cyber security roadmap for DAMAN

Lead the implementation, maintenance, enhancement, and documentation of DAMAN’s Information Security Program (e.g. System Security Plans (SSP), Business Impact Analysis and Assessment, Contingency Plan, Disaster Recovery, Continuity of Operations, etc.)

Develop, maintain, publish and oversee up-to-date security policies, standards and guidelines. Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers

Conduct Information Security Risk Assessment and coordinate audits on regular basis.

Recognise threats and vulnerabilities; identify information security issues and concerns

Develop and implement prioritised risk treatment plan to tackle identified information security issues and concerns

Evaluate and incorporate government requirements into Daman’s Information Security Programme, by reviewing, calculating impacts, NESA reporting progress and commenting on HAAD directives

Promote awareness of security issues, including developing and conducting Information Security Awareness Training

Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security incident, and provide direction, support and in-house consulting in these areas