Director IT security - Emirati National

Our client is a leading real estate development company based in Abu Dhabi, looking to hire an Information Security Director (Emirati National) with experience in Information security, governance, cybersecurity, data governance, infrastructure, and managing IT applications for the group. The Head of Information Security is responsible for overseeing and ensuring the security of all digital and information assets of an organization. This role involves developing, implementing, and managing security measures to protect systems, networks, and data from cyber-attacks or unauthorized access.

Responsibilities:

1. Develop and maintain a comprehensive cybersecurity governance framework that aligns with the organization's overall strategy and risk profile.
2. Oversee the development of security standards, controls, and best practices, ensuring they are embedded into organizational processes.
3. Develop a multi-year roadmap for information security projects, detailing timelines, resource requirements, and expected outcomes.
4. Prioritize information security initiatives based on their impact on the organization's risk posture and business objectives.
5. Manage the overall information security program, ensuring it is integrated with the enterprise risk management program.
6. Coordinate cross-functional teams to address security issues and implement security initiatives.
7. Regularly report to senior management and relevant committees on the status, effectiveness, and progress of information security programs and projects.
8. Prepare comprehensive reports that include security metrics, audit findings, risk assessments, and recommendations for improvement.
9. Ensure the development, documentation, and regular review of information security policies and procedures.
10. Establish clear accountability for policy adherence across the organization, including defining roles and responsibilities related to information security.
11. Monitor the effectiveness of policies and procedures, making adjustments as necessary to respond to evolving security threats and business needs.
12. Conduct comprehensive risk assessments to identify potential security threats and vulnerabilities within the organization's IT infrastructure, applications, and data.
13. Develop risk management strategies that prioritize identified risks based on their potential impact and likelihood and implement measures to mitigate these risks.
14. Develop and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents.
15. Oversee the operation of the Security Operations Center, ensuring 24/7 monitoring of security events and alerts.
16. Oversee the design, implementation, and maintenance of the organization's security infrastructure, including hardware, software, and network systems.
17. Ensure compliance with all relevant local, national, and international information security laws, regulations, and standards.
18. Develop and manage the budget for the information security department, ensuring adequate allocation of resources for tools, technologies, and personnel.
19. Assess the security posture of vendors and third-party service providers to ensure they comply with the organization's security standards.

Desired Experience:

• 10+ years of experience in information security management roles
• A bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is essential. This foundational education provides the necessary technical knowledge and analytical skills.
• Preferred certifications in information security like CISSP, CISM, CISA, CEH, CIPP, etc.
• Strong understanding of information and cybersecurity principles and practices
• Ability and inclination to learn new technologies quickly
• Experience with a variety of security tools and technologies
• Excellent analytical and problem-solving skills
• Strong written and verbal communication skills
• Strong skills in MS Office (Excel and Word)
• Ability to work independently and as part of a team