Information Security Lead

Information Security Lead

 Dubai, AE

 

Permanent

We are seeking an experienced and proactive Information Security Lead to strengthen our IT security and data protection efforts. The Information Security Lead will be responsible for implementing and managing security controls, ensuring compliance with data protection regulations, and leading incident response. This role will serve as a critical resource for safeguarding the company's information assets, ensuring robust data protection, and mitigating cyber threats. The Information Security Lead will work closely with the Chief of Information Technology and Software to align security initiatives with the company's operational goals.

Key Responsibilities:

1. Technical Security Implementation
   • Develop and enforce security controls to protect the company's information assets, including network, applications, and cloud infrastructure.
   • Implement and manage security tools such as firewalls, IDS/IPS, endpoint protection, and SIEM systems to ensure continuous monitoring and defense against potential threats.
   • Configure and monitor access controls, encryption, and other data protection measures to safeguard sensitive information.
2. Threat Detection and Incident Response
   • Lead the incident response process, including detecting, analyzing, and mitigating security incidents.
   • Investigate security breaches, document findings, and provide recommendations to prevent recurrence.
   • Coordinate with the Chief of Information Technology and Software and other stakeholders to contain and resolve incidents quickly and effectively.
3. Vulnerability and Risk Management
   • Conduct regular vulnerability assessments, penetration testing, and security audits to identify security weaknesses.
   • Prioritize and coordinate the remediation of vulnerabilities with IT teams, ensuring timely resolution.
   • Maintain an updated risk register and work with leadership to implement risk mitigation strategies.
4. Data Protection and Compliance
   • Develop and implement data protection policies and procedures that align with regulatory requirements such as GDPR, UAE data protection laws, and ISO 27001 standards.
   • Ensure that all data handling practices, both internal and customer-facing, adhere to relevant data protection laws and best practices.
   • Prepare for and assist in conducting regular data protection audits to ensure compliance and identify areas for improvement.
5. Policy Development and Compliance Support
   • Assist in creating and enforcing cybersecurity policies, standards, and procedures to protect the company's IT environment.
   • Ensure that all policies align with industry standards and best practices, including ISO 27001 and NIST.
   • Conduct security assessments and collaborate with cross-functional teams to ensure adherence to policies.
6. Security Awareness and Training
   • Develop and deliver cybersecurity awareness and data protection training for the company's employees.
   • Promote best practices and educate staff on identifying and mitigating common security threats, including phishing, social engineering, and data handling risks.
7. Reporting and Documentation
   • Generate regular reports on security incidents, threat trends, and vulnerability metrics for the Chief of Information Technology and Software.
   • Document security incidents, response actions, and lessons learned for future reference and continuous improvement.
   • Provide recommendations for improving the organization’s security posture and data protection strategies.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field.
• Certifications: Preferred certifications include CompTIA Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Certified Information Privacy Professional (CIPP).
• Experience:
  • Proven hands-on experience in information security, cybersecurity, or data protection roles.
  • Proven experience with incident response, vulnerability management, and data protection practices.
• Technical Skills:
  • Proficiency in security tools such as SIEM systems, firewalls, IDS/IPS, endpoint protection software, and network security protocols.
  • Strong understanding of data protection, encryption standards, access control, and network security.
  • Familiarity with security and data protection frameworks like ISO 27001, NIST, GDPR, and UAE data protection laws.
• Soft Skills:
  • Excellent analytical skills, with the ability to assess and respond to security threats in real-time.
  • Strong communication and interpersonal skills, able to work effectively with technical and non-technical teams.
  • Demonstrated leadership abilities and a proactive approach to security and data protection.