Information Security Operation Manager

Date: 21 Mar 2024

Location: AE

Company: Majid Al Futtaim

ROLE SUMMARY

The Information Security Operations Manager is responsible for leading a broad range of operational activities to protect systems and information assets of Majid Al Futtaim. The role holder will manage the operational activities, promote information security awareness within the organization, as well as operate and implement information security strategies, policies, standards, processes and metrics for ongoing performance measurement and reporting.

The purpose of the Information Security Operations Management function is to bring and keep the organization’s information security risks within tolerance levels in order to ensure the confidentiality, integrity and availability of information assets and safeguards investments in IT systems.

Role Details – Key Responsibilities and Accountabilities:

 

The Information Security Operations Manager’s job is composed of a variety of responsibilities, including tactical, operational and strategic activities in support of the Information Security & Compliance strategy, programs and operations.

Security Incident and Operations Management

  • Act as the primary incident manager for all security related incidents and lead incident response efforts, ensuring swift identification, containment, and resolution of security incidents.
  • Ensure that all operational documents and materials (i.e. SOPs, playbooks) are developed, implemented, regularly reviewed and updated, and followed in liaison with technology stakeholders.
  • Be available 24x7 to respond to high priority security incidents, provide leadership and direction during a crises situation.
  • Work closely with MSSP and internal stakeholders to ensure the effectiveness of SIEM, use case optimization, consistency and coverage of the critical platform monitoring under SOC, and timely closure of the security incidents.
  • Develop and maintain incident response plans and ensure they are regularly tested and updated.
  • Day-to-day management of the Information security operations by working closely with cross functional and managed service provider teams.
  • Provide specialized security support for events such as fraud attempts based on electronic channels and assist in the investigation activities and senior management reporting.
  • Operate and manage day-to-day administration tasks for security solutions and tools, ensuring that systems are up-to-date with latest versions, security patches and fixes and conduct periodic health checks across the security platforms and tools.
  • Develop necessary processes and templates to streamline security operations and smooth onboarding of new systems and applications to SOC and other security tools.
  • Provide training and guidance to technology operations teams on security requirements, tools and impacts to operational processes procedures, technologies, and information assets.

Security Testing / DevSecOps

  • Define the approach, guidelines and use cases for static and dynamic application security testing. Continuously improve security testing methods, tools and approaches.
  • Conduct / manage security penetration testing during new projects, major feature enhancement or change as per defined security testing guidelines.
  • Ensure that any bugs identified during testing are fixed in a timely manner and any risks identified during the process are communicated and managed effectively.
  • Integrate security testing into the software development lifecycle (DevSecOps) in collaboration with development and operations teams.
  • Implement consistent DevSecOps best practices. Keep alignment with DevOps teams to ensure any changes in their platforms/ processes are kept abreast with security testing guidelines.
  • Identify opportunities for innovation and automation, partner with development and security teams on implementing automation and SOAR workflows.

Threat and Vulnerability Management

  • Lead and own vulnerability management covering the end-to-end lifecycle (vulnerability identification, investigation, response, and remediation). Develop and maintain vulnerability management process, and SLAs for remediation and reporting metrics.
  • Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and support the remediation activities.
  • Develop, maintain and support a threat intelligence capability. Analyze threats, review threat advisories and conduct situational awareness based on intelligence to manage current and emerging security risks to the organization.
  • Research, analyze and brief management and team members on relevant risk, CVE's, CVSS, attack vectors and mitigations for various technologies
  • Design, architect and build vulnerability management scanning infrastructure and tools.
  • Own, maintain and implement vulnerability management processes and procedures.

Vendor Management

  • Collaborate with managed service providers to oversee SOC operations and ensure service level agreements (SLAs) are met.
  • Coordinate with the managed security partner to enhance SOC capabilities and responsiveness.
  • Monitor vendor performance, define security reporting metrics and address any issues or concerns promptly.

Definition of Success

 

  • Key Operational metrics met, for example SLA compliance, effective incident resolution, operational excellence, vulnerability remediation within defined time frame
  • Key Delivery metrics, for example, security control coverage, new systems onboarding, delivering new functionality and services, automation and process optimization
  • Key Organizational metrics - staff performance and productivity, service provider management
  • Cost Management Metrics - cost of delivering IT services, resource costs, and budget control
  • Customer Satisfaction metrics

 

Functional/Technical Competencies

 

  • Strong knowledge of IT security solutions and platforms (e.g. CASB, Data Leakage Prevention, Web Application Firewall, Multi Factor Authentication, Database Activity Management, Vulnerability Management, Application Security Testing tools etc.)
  • Excellent knowledge of firewalls, intrusion detection and prevention systems, active network security, end point security; identity and access management, encryption, web content filtering, e-mail protection, network access protection, SIEM and hardening policies & procedures etc.
  • Experience with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as GDPR, ISO 27001, Cloud Security Alliance, NIST, PCI DSS, etc.
  • Strong knowledge and experience of implementing security automation tools and techniques in a hybrid, multi-cloud environment.
  • Strong understanding of security risk management and experience of writing security risks identified from security incident and vulnerability management.
  • Solid understanding of security threat management frameworks and attack/defense techniques including MITRE Att&ck, and OWASP.
  • Practical knowledge of security defense techniques for web and mobile applications, cloud platforms, network infrastructure, end user computing and APIs.
  • Strong analytical skills to analyze requirements and translate them into appropriate security controls.
  • Experience in application and infrastructure security testing (white box, black box and code reviews).
  • Experience of working with managed service providers and ensuring SLA compliance.
  • Ability to work under pressure and respond effectively to high-priority incidents on a 24x7 basis.

Personal Characteristics and Required Background:

Skillset (job-specific skills)

  • Excellent inter-personal, communication and documentation skills
  • Good understanding of information management practices, system development life cycle management, IT services management, agile and lean methodologies, infrastructure and operations, and EA and ITIL frameworks.
  • Proven analytical and problem-solving abilities
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Excellent written, verbal, communication and presentation skills with the ability to articulate new ideas and concepts to technical and nontechnical audiences.
  • Ability to conduct research on new features / products and troubleshoot technical issues
  • Team player and skilled in working within a collaborative environment
  • Demonstrably self-motivated, pro-active, action orientated to achieve deadlines.

 

Minimum experience

  • 6-8 years or more experience of working in multiple IT Security domains in a large organization, preferably in Retail industry.
  • 3 years or more experience of managing security operations in a supervisory role.

 

Minimum Qualifications/education

  • A Bachelor degree in computer science, engineering or technology-related field, or equivalent

 

Preferred Qualifications

  • GIAC Certified Incident Handler (GCIH) or other GIAC certifications
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • ITIL (Information Technology Infrastructure Library) Certification

Security product specific technical certifications i.e. Azure, AWS, DLP, VM etc

 

What We Offer
 

  • At Majid Al Futtaim, we’re on a mission to create great moments, to spread happiness, to build, experiences that stay in our memories for a lifetime. We’re proud to say that over the past 27 years, we have built a reputation as a regional market leader in what we do. Join us!
  • Work from any country in the world for 30 days a year.
  • Work in a friendly environment, where everyone shares positive vibes and excited about our future.
  • Work with over 50,000 diverse and talented colleagues, all guided by our Leadership Model.