Add

ICS INFORMATION SECURITY ENGINEERING MANAGER - UAE

ICS INFORMATION SECURITY ENGINEERING MANAGER - UAE - AIRPORT I.T.

Our client is a major international airports company in the Middle East.

The Role:

The Information Security Engineering Manager will be responsible for leading the engineering of solutions for all aspects of ICS’s information security framework. The Information Security Engineering Manager will collaborate with the ICS Security Manager to define security initiatives and priorities. This position will manage a team of security engineer professionals supporting the security program initiatives. Responsible for developing and deploying solutions to ensure the secure acquisition, processing, and storage of sensitive data exchanged by our client with their partners and customers. The Information Security Engineering Manager will develop a security governance model to ensure that all information technology initiatives adhere to security standards. Working with the ICS Information Security Manager, the Security Engineering Manager will define and communicate secure processes, procedures, methods of analysis and philosophies to protect the firm’s information assets and reputation.

Main Responsibilities:

• Manage a team of information security engineers and architects to develop an information security engineering lifecycle methodology for inclusion in the ICS Project/Software Development Lifecycle (P/SDLC), both in a risk assessment and in an advisory role (for best practices such as secure coding, application security architecture, integration with control frameworks such as IDM, logging, etc)
• Manage consulting services to internal groups; these services will include engineering, architecture, vulnerability assessment, threat analysis and more
• Assist in defining of information security operational processes to ensure predictable operational outcomes; refine Information Security processes and procedures
• Participate in the development, review, and update of information systems policies and standards
• Participate in the incident management program, both from a development/refinement point of view and implementation/operations point of view
• Interact and influence both highly technical staff as well as senior management; must be able to earn the trust and respect of both groups
• Work with internal and external auditors to evaluate compliance with internal policies and standards as well as regulatory requirements.
• Maintain knowledge of security and privacy law, industry best practices, changes in technology and advice on the impact for our client

Qualifications:

• UAE National preferred or if an expat, then work experience in the UAE is essential
• 10+ years of information technology engineering experience with at least 5+ years in security engineering
• 5+ years experience in staff management required
• Must have a Security Vision and be able to put it in place
• Experience integrating Security Compliance tools into Production
• Understanding of security design in a SOA architecture
• Certifications preferred: CISSP for technical security expertise, CISM for security management, CISA for IT best practices
• Responsible for direct management and supervision of staff
• Excellent interpersonal and communication skills
• Must be able to work independently
• Ability to work with others in a collaborative non-confrontational manner
• Must have good customer service skills
• Excellent oral and written communication skills
• Bachelor’s degree in Engineering or Engineering Management preferred or equivalent work experience. Master’s degree a plus

Knowledge, skills and experience

• Technology/information risk management experience in analysing business processes and the related technology that supports these processes. Experience in performing risk assessments (eg, evaluate threats, vulnerabilities, likelihood and impact) and identifying mitigating controls
• Comprehensive technology background; expertise in at least two of the following: distributed systems (Linux, Solaris, Windows), networks (LAN/WAN technologies, firewalls, routers etc), enterprise applications (such as IDM, databases and application development and architecture (SDLC, .NET, PHP, J2EE))
• Excellent understanding of mitigating controls at the systems, network and application level (HIPS, NIDS, server hardening, database controls etc). Expertise in integration and correlation of various controls/applications (vulnerability assessment, logging, NIDS etc)
• Excellent understanding of information security and risk management frameworks such as ISO27001/27002 and ITIL
• Understanding of PCI, EU Privacy Directive and other regulatory requirements for the aviation services sector
• Ability to build and maintain constructive working relationships with a diverse community (in and outside of technology); ability to effectively communicate (both written & verbal) with and influence both technical and non-technical audiences
• Ability to earn the trust and respect of colleagues both in and outside of the Information Security team
• Unquestionable integrity

Technology expertise in the following areas: P/SDLC, networks, enterprise applications and systems.

Information security expertise in the following: network controls (firewalls, NIDS), monitoring/logging, host controls (hardening, HIPS), incident management of forensics, application security architecture (n-tier, .NET, J2EE), security application integration and correlation (vulnerability assessment, logging, NIDS etc)