Head of Security Advisory - Emiratization
About the job
Our client is a well-known large financial services organisation based in the UAE. They are looking to hire a driven and well-rounded Head of Security Advisory within their Information Security Group (ISG) department.
The job holder will be responsible for developing and executing a Security Advisory roadmap aligned with the ISG strategy and the organization's cybersecurity program. The role entails ensuring collaboration between internal and external teams to enhance cybersecurity, share best practices and understand industry trends; managing cyber-led deliveries and initiatives; and providing practical cyber support for projects.
Job Purpose
- Enabling existing or new business and technology initiatives to be secure by default and by design.
- Enhancing the company's security architecture and posture across existing, legacy and new IT assets.
- Developing and executing the company's data protection strategy, and running privacy operations in support of the DPO and the Legal department.
- Leading third-party security risk management.
- Enabling fraud risk management from an information security perspective, in close collaboration with the company's Fraud Prevention and Investigation
Key Result Areas
- Develop and manage a rolling 3-year Security Advisory roadmap. Update the roadmap annually based on changes in business priorities and the evolving threat and risk universe.
- Develop, implement, and maintain comprehensive policies and procedures related to Security Advisory in alignment with regulatory standards and best practices.
- Regularly review and update policies to adapt to evolving security threats and technological advancements.
- Lead and manage the Information Security Advisory team, fostering a culture of continuous learning and improvement, and promoting the highest standards of professional conduct and ethical behavior.
- Identify, assess, report and drive mitigation of security risks associated with code, application and infrastructure assets.
- Ensure compliance with regulatory requirements and internal security standards.
- Ensure collaboration between organizations with a shared interest in enhancing their cyber security. Assist with collaboration and coordination between organizations to share leading practices and understand industry-specific threats and trends.
- Ensures that cyber working practices are collaborative and are applied uniformly throughout the bank. Ensures knowledge gained in one "cyber pillar" is shared where needed with other pillars and with the wider bank. Drives improvement via collaborative knowledge workspaces. Drives a strong cyber bank with a uniform vision and priorities.
- Ensures that cyber-led deliveries and cyber-funded initiatives are delivered in a timely fashion, with the best use of cyber resources, at best value and on budget. Manages the sunsetting of cyber products and services, and maintains the security product / services "buy-sell-hold" list within the organization.
- Provides an interface into cyber security functions from live project deliveries. Ensures configurations are cyber-defendable. Helps keep security patterns, policies and standards aligned by providing on-the-ground feedback to their authors. Provides practical cyber support for projects through delivery stage gates.
- Business continuity management (BCM) coordinator for ISG.
- Collaborate closely with cross-functional teams including Technology, Fraud Prevention and Intelligence, Compliance and business units to align information security strategies with the bank's goals and ensure that information security considerations are integrated into business processes and decision-making.
- Support and enable development teams and understand various development methodologies and frameworks in place and help augment existing secure coding practices within the development lifecycle.
- Work with third parties to ensure all outsourced work related to Security Advisory meets expectations.
- Ensures consistent delivery approaches to Enterprise Security across all platforms and workloads regardless of whether on premises, in the cloud, or hybrid. Reduces duplication of capabilities and converges existing technologies throughout the bank's ecosystem.
- Works with the organization's technology and product delivery teams to provide inline advice and guidance. Provides liaison with legal and regulatory frameworks advising on best security practice. Prepares delivery teams and solution for security audit or testing. Helps develop 'security as code' and automated security testing.
- Supports ISG Governance, Risk and Compliance by providing security implementation and design technical input into the bank's security-related policies, standards, guidelines and governance documentation. Drives the updates needed based on input from all areas of Cyber.
- Designs and oversees the implementation of security for enterprise infrastructure, cloud, and specific domains such as ATM, innovation and emerging technologies. Aligns requirements with the evolving threat landscape. Provides a framework and time-saving artefacts, such as patterns / anti-patterns, to secure solution designers.
- Custodian of HSM (hardware security module) keys.
- Contributes to, and oversees, cryptographic policies and implementations across the bank.
- Leads the classification of data based on its sensitivity, value and criticality to the organization. Ensures data is correctly identified and labelled and that there are sufficient controls to protect it. Defines the measures the organization takes to protect sensitive data and prevent data breaches.
- Governs and manages Data Leakage Prevention (DLP): policy management, incident notification oversight, oversight of the escalation of DLP issues, and tracking them to closure.
- Steer the DPP committee and report to ISC and Business Engagement meetings.
- Provide governance and advisory support for all Data Protection Risks identified as per the Data Protection Framework.
- Manage the Risk and Control Self-Assessment (RCSA) for data protection.
- Provide strategic oversight and support for Data Protection activities.
- Manage insider risks and report privacy risks.
- Manage consent file uploads daily and resolve cookie consent issues.
- Manage data breach response.
- Review tickets for data transfers to external domains.
- Review tasks for data restoration to non-production environments.
- Manage discovery of unstructured data and manage associated risks including oversight of risk reduction activities.
- Reconcile DLP agent reports across all jurisdictions.
- Establish and maintain core third-party security risk management structures, frameworks and data, allowing the bank to identify, assess, mitigate and report on third-party security risks.
- Determine the strategy for managing third-party security risk throughout the contract lifecycle, including the onboarding, ongoing and offboarding contract stages.
- Define third-party security policies, standards and guidelines.
- Conduct third-party security risk assessments and security regulatory assessments.
- Input to contractual and procurement security requirements.
- Perform continuous security risk monitoring.
- Lead the identification and collection of electronically stored information within the organization, which requires searching and analyzing large volumes of data from various sources. Ensure that the organization adheres to the relevant legal and regulatory requirements and that the data produced is accurate, complete and relevant to the request.
- Demonstrate adoption of the ISG vision, mission, and cultural and operational objectives. Actively support key ISG cross-functional initiatives.
- Manage Security Advisory run-the-bank (RTB) and change-the-bank (CTB) activities to deliver quality results on time and on budget. Escalate in advance any alert, risk, critical dependency or issue that arises, with options for managing it, to ensure proactive management and no surprises.
- Manage the Security Advisory RTB and CTB budget within the approved forecast.
- Ensure the preparation, execution and follow-up of regulatory examinations, audits and assessments. Those reviews shall not result in any critical or high-risk issue for ISG or for Security Advisory.
- Ensure the closure of all legal, regulatory and audit issues with the expected level of quality, on time and within budget.
Knowledge, Skills and Experience
- 14+ years of experience in information security, including 5 years' experience in security architecture, data protection and third-party security risk management in financial institutions/banks.
- A sufficiently senior professional who has managed enterprise projects and has experience coordinating direct and indirect reports and reporting to senior management.
- Strong interpersonal, analytical, and technical skills.
- Strong decision making and prioritization skills.
- Strong experience in a banking environment with a strong understanding of key security frameworks such as ISO 27001, PCI DSS and NIST SP 800-63.
- Knowledge and experience with CIS benchmarks.
- Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection systems, incident response, security policy creation, enterprise security strategies, etc.
- Certifications such as CISSP, CISA, CISM and SANS/GIAC certifications are preferred; OSCE, GCED, CCSK, Azure Security, etc. are a plus.