Airlines IT
MANAGER INFORMATION SECURITY & RISK
Date posted:
Expire date:
Recruiter:
Job Category:
Location:
Reference:
26.Jun.2017
Open Until Filled
Air Arabia
Airlines IT
HUB: Sharjah, United Arab Emirates
ABY- MGRIS&R
Description:
Air Arabia is looking for dynamic individual to join its IT team. The selected individual establishes and executes an information security and risk framework that includes policies, standards and processes to protect the confidentiality, integrity, and availability of Air Arabia Group's information assets and manage risks to the Group arising out of Information Technology. Develops an overall information security and compliance strategy, and recommends appropriate controls and tools.
Key responsibilities:
Develops, manages, communicates, ensures adoption of, and adherence to the corporate Information Security framework (consisting of policies, standards etc.). Policies should be based on international standards (e.g. ISO27001), legal and regulatory requirements (e.g. PCI DSS). Reviews and actions any exception to policies and standards based on impact.
Ensures that information security strategy is aligned to Group strategy and is appropriate to business needs and information control requirements. Monitors environmental and market trends and pro-actively assesses impact to business strategies and advises necessary security controls in collaboration with experts in other functions e.g. legal, technical support, architecture.
Directs and guides internal technical teams and/ or external suppliers to ensure that all information assets are well protected. Acts as an expert information security advisor to the Group and takes ownership for all Information Security initiatives.
Defines and implements a risk management framework for the Group to ensure that IT risks to the Group are managed to acceptable levels. Ensures there is sufficient visibility at the appropriate management level for every risk – its impact and cost of mitigation.
Leads the development and maintenance of a disaster recovery set up for IT services, in collaboration with business continuity, technical teams and external service providers.
Co-ordinates and ensures performance of risk, threat, and periodic vulnerability assessments and penetration tests on the IT environment and manages the remediation of identified risks and vulnerabilities as required for effective protection of information assets and/ or regulatory compliance.
Develops, maintains, and tests a security incident response plan that ensures all incidents are reported, documented, and resolved. Manages all security incidents and manages internal and/ or external teams to respond to, resolve and recover from incidents.
Monitors internal control systems to ensure that appropriate levels of access are maintained, including investigation of permission violations and authorizing the removal of access rights as needed.
Researches information security related suppliers and products, and maintains a broad understanding of the environment, to inform and develop strategies to source services from the external market.
Ensures all aspects of security and risk management are performed in compliance with relevant regulations.
Requirements:
Qualifications, Experience & Skills:
Certification relevant to Information/ IT Security/ Audit/ Governance e.g. CISA, CISM, CISSP, CGEIT
Minimum 10 years in IT and 5 years in Information Security
Internet and network security products and platforms, application and infrastructure security assurance, security incident and operations management
Advanced knowledge of information security principles and practices, including security risk assessment standards, risk assessment methodologies, vulnerability assessment, and security frameworks
Knowledge of data protection
Holistic IT Knowledge of heterogeneous technology environments
Advanced knowledge of attack vectors, threat trends, mitigation strategies, intrusion analysis, and incident response
Experience developing departmental policies, procedures, standards and guidelines
Apply