Manager – Information Security, iiQ8 Classifieds, Jobs in Kuwait, Alghanim Jobs

 

SUMMARY

The position will address the Information security needs of Alghanim Industries. This will include the computing environment, infrastructure, policy, risk assessment, prevention, licensing, training and delivery of services.

The Manager, Information Security is responsible for the creation, enforcement and adherence to all IT security policies, practices, procedures, and processes at Alghanim Industries.

 

ESSENTIAL DUTIES AND RESPONSIBILITIES

The scope of responsibility includes:

• Responsible for developing, documenting, communicating, and implementing IT Security Governance, policies, procedures, and processes in conjunction with Technical Services and the end user community. Responsible for development and implementation of all IT security standards– technical and non-technical
• Implements and maintain risk assessment framework and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with business objectives. Evaluating and implementing IT Security risk and risk mitigation scenarios
• Participate in the design, development, and implementation of all IT processes & procedures from a security perspective
• Analyzing Security risks within AI’s IT environment and preparing recommendations to senior management for operational improvements
• Conducting regular Security Audits of AI’s IT operations, processes, procedures, products, and services Establish regular security reporting and report content
• Identifying potential areas where existing IT security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion.
• Perform investigations of alleged or potential breaches of IT Security by staff and/or external groups and individuals
• Implement IT Security system controls where needed.
• Implements processes to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
• Schedule regular assessments and testing of effectiveness and efficiency of controls.
• Performs and investigates internal and external information security risk assessments.
• Manage expectations and requests of internal and external auditors.
• Provide regular reporting on the status of the information security posture to enterprise risk teams, senior business leaders and the information security steering committee.
• Trains, guides, and acts as a resource on security assessment functions to other departments within the organization.

 

EDUCATION and/or EXPERIENCE

• At least 7 years of progressive experience in IT security
• Demonstrated knowledge and experience of implementing ISO certification
• University degree in Computer Science or Engineering
• Network scanning and Intrusion Detection Systems (IDS) experience
• Application, and physical security experience.

 

KEY SKILLS

• Excellent written and verbal communication skills
• Ability to see potential problem areas and proactively resolve issues
• Excellent problem-solving skills
• Excellent understanding of networks, infrastructure, and knowledge of IT security best practices
• Ability to interpret technical IT Security issues into business/non-technical language and vice versa
• Excellent customer service skills
• Knowledge of IT Security Governance
• Ability to quickly familiarize oneself with new security technologies, the implementation requirements of those security technologies, and how to integrate those security technologies into a larger solution
• Ability to analyze new applications, identify potential security concerns, develop approaches that can be used to mitigate identified risks, and work with members of TSA IT to implement recommendations
• Strong project management and problem/conflict resolution skills. Effective prioritization and time management skills with the ability to handle multiple projects simultaneously
• Understanding of business processes and business drivers that can affect system design
• Understanding of risk assessment/acceptance factors that can affect business and security decisions

 

CERTIFICATES, LICENSES, REGISTRATIONS

One or more of the following are highly desirable:

• CISSP (Certified Information Security & System Professional) or CISM (Certified Information Security Manager) or CISA (Certified Information Systems Auditing)

• ITIL Foundation / Practitioner / Service Manager