
Head of Security and Privacy

Date: 19-Jun-2019

Location: 01-Dubai, AE

Company: Majid Al Futtaim

 

ROLE DESCRIPTION

 

Title: Head of Security and Privacy

Division/Department: OmniChannel

Reporting to: Chief Technology Officer

 

 

Role Purpose:

 

The Head of Security and Privacy is in charge of the Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. The role holder is to bring the organization’s information security risks under explicit management control through the Information Security Management System.

 

 

Role Details – Key Responsibilities and Accountabilities:

 

Strategy

 

  • Develop an IT security strategy, including a comprehensive cyber-defense strategy for the global organization
  • Ensures the development of security systems and standards to guarantee the highest possible security for the entire business architecture and processes, systems, networks, computer centers, and throughout the whole software development process and IT infrastructure
  • Ensures active and ongoing detection and management of weaknesses and risks in hardware, software, and processes, and the execution of digital forensics investigations
  • Assures the long-term elimination of all detected weaknesses
  • Establishes continuous execution of security tests/measurements (e.g., stress, penetration, business continuity, IT emergency, disaster recovery tests) for existing systems, and integrates these into continuous delivery cycles of software development in projects and products (secure development)

 

Documentation and Auditing

 

  • Audits and approves security guidelines, security controls, and cyber incident response planning as well as identity and access management (IAM) guidelines
  • Ensures compliance with legal directives and other applicable regulations in the long term
  • Maintain proper documentation for all relevant fields of responsibility
  • Propose evolutions to management to support the company's expansion and integrate the latest technologies
  • Maintain professional, impartial and efficient relationships with suppliers and partners
  • Coordinate with internal and external auditors
  • Ensure the implementation of the agreed auditing recommendations across the entire IT field
  • Ensure the communication of the IT policy and standard
  • Ensure the proper conservation, utilization and profitability of the company’s assets
  • Guarantee the quality, confidentiality, application, and protection of the company’s “Know-How”
  • Respect and enforce the security and safety procedures
  • Report any action that might interfere with the proper functioning of the company
  • Provide clear, correct, and concise information

 

Processes and procedures

 

  • Ensure that all adequate measures are taken by the system owners in order to guarantee stability of the systems
  • Guarantee minimal delay of recovery in case of system failure
  • Propose and implement action plans in order to increase productivity, performance and effectiveness of the operations
  • Report any action that might interfere with the proper functioning of the company
  • Stay updated on new technologies and innovations
  • Is a trustworthy consultant. Informs the management team about risk management issues, strategy, and the necessary budget

 

Communication

 

  • The Head of Security and Privacy will communicate with IT Managers for the notification of vulnerabilities on a daily basis, with Business Managers for the notification of vulnerabilities when needed, and with Suppliers for consultancy and project implementation when required.

 

 

Qualification, Experience & Skills:

 

Minimum Qualifications/education

 

  • Bachelor’s or Master’s Degree in Computer Science, Information Management or comparable experience
  • Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or comparable experience

 

Minimum experience

 

  • 10+ Years of Information Security experience
  • At least 7 years’ experience in disciplinary team leadership or in an equivalent role, ideally leading red teams

 

Skills

 

  • Working experience in managing project scope, risks, issues, constraints and dependencies
  • Certification is required in CISM, ISO 27001, CEH
  • Leadership and management skills
  • Expert knowledge and several years’ experience in digital forensics and security information and event management (SIEM)
  • Specialist knowledge of all applicable legislation and compliance frameworks
  • English (Full professional proficiency - Required)
  • Arabic is an advantage