Information Security Officer

Job description / Role

Availability

30 days/immediate

Location

Dubai

Industry

Finance

Job Summary

The Information Security Officer (ISO) is responsible for establishing and maintaining an enterprise-wide information security program to ensure that information assets are adequately protected. This role involves identifying, evaluating, and reporting on information security risks, ensuring compliance with legal and regulatory requirements, and aligning security measures with organizational objectives.

Key Responsibilities

1. Policy Development and Compliance
   • Develop, implement, and maintain information security policies, standards, and procedures.
   • Ensure compliance with applicable legal, regulatory, and contractual requirements (e.g., GDPR, ISO 27001, HIPAA).
   • Conduct regular policy reviews and updates based on changes in technology and threats.
2. Risk Management
   • Perform risk assessments to identify vulnerabilities, threats, and impacts on business operations.
   • Implement risk mitigation strategies and monitor the effectiveness of security measures.
   • Maintain a risk register and ensure periodic reporting to management.
3. Security Operations
   • Oversee the deployment, integration, and maintenance of security solutions such as firewalls, IDS/IPS, endpoint protection, and SIEM tools.
   • Monitor systems and networks for unusual activities or security breaches.
   • Respond to and investigate security incidents, coordinating with internal teams and external stakeholders.
4. Awareness and Training
   • Develop and deliver employee security awareness training programs.
   • Promote a culture of security within the organization.
   • Ensure that employees understand their roles in safeguarding company assets.
5. Incident Response and Recovery
   • Develop and maintain an incident response plan.
   • Lead the response to security breaches, ensuring timely containment and recovery.
   • Conduct post-incident analysis to improve incident response processes.
6. Collaboration and Communication
   • Work with IT, HR, Legal, and other departments to align security initiatives with business goals.
   • Serve as the primary point of contact for external auditors, consultants, and regulatory authorities on security matters.
7. Continuous Improvement
   • Stay updated on the latest security trends, threats, technologies, and regulatory requirements.
   • Recommend and implement new security technologies and best practices.
   • Conduct regular security audits and penetration testing.

Required Qualifications

Education and Experience

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in information security, risk management, or related roles.

Certifications (Preferred)

• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certified Information Systems Auditor (CISA).
• CompTIA Security+ or equivalent.

Skills and Competencies

• Strong understanding of information security frameworks (e.g., ISO 27001, NIST, COBIT).
• Knowledge of network security, encryption, and authentication protocols.
• Proficiency in security tools (e.g., SIEM, firewalls, antivirus software).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to handle confidential and sensitive information with integrity.

About the Company

Staff Connect is the rapidly developing best IT outsourcing company in UAE. We offer to our respective clients the best possible service like sourcing services for permanent, temporary, and agreement-based recruitment. Since commencing conductions, the entities have seen fast development achieved solely through firm business rapports and deliver reliable and meaningful services to our clients.