Job description / Role
- Develops, manages, and communicates the Corporate Information Security Framework that includes policies, standards and processes based on international standards (eg.ISO27001) as well as legal and regulatory requirements (e.g. PCI DSS, GDPR) ensuring its policies and procedures are adopted and adhered to.
- Develops an overall information security and compliance strategy, and recommends appropriate controls and tools ensuring all are in line with company’s objectives, set measures and information control requirements.
- Monitors environmental and market trends and pro-actively assesses impact to business strategies and advises necessary security controls in collaboration with experts in other functions e.g. legal, technical support, architecture.
- Defines and implements a risk management framework for company to ensure that IT security and risks are managed to acceptable levels and in compliance with relevant regulations.
- Coordinates periodic vulnerability assessments and penetration tests on IT environment to monitor performance, identify risks and threats, and manage solutions as required for the effective protection of information assets and/or regulatory compliance.
- Ensures there is sufficient visibility at the appropriate management level for every risk – its impact, and cost of mitigation.
- Conducts investigations on permission violations and defines org-level policies on the access rights.
- Coordinates effective implementation of data protection program aligned to applicable regulatory regimes (e.g. GDPR). This includes records of processing, associated policies and procedures, and reporting and engaging with supervisory authorities whenever needed.
- Directs and guides internal teams and/ or external providers to ensure that all information assets are well protected. Reviews, actions any exception to policies and standards based on impact and takes ownership for all Information security initiatives.
- Keeps abreast with market trends and latest products related to information security and maintains a broad understanding of the environment, to source services from the external market.
- Develops, manages, maintains, and regularly tests security incident-response-plan that ensures all incidents are reported, documented, resolved and recovered.
- Handles any additional duties as directed by the Head of Department/CEO.
- Bachelor degree in Computer Engineering/ Computer Science/ Information Technology or equivalent.
- Certification relevant to Information Technology/ IT Security/ Audit/ Governance e.g. CISA, CISM, CISSP, CGEIT.
- 10+ years of IT experience including 5 years in Information Security preferably within Airline industry.
- Working experience in managing Internet and network security products and platforms, applications and infrastructure security assurance as well as security incidents and operations.
- Advanced knowledge in information security principles and practices, including security risk assessment standards, risk assessment methodologies, vulnerability assessment and security frameworks.
- Possesses experience in data protection and management, including regulatory aspects.
- Holistic IT knowledge of heterogeneous technology environments.
- Advanced knowledge in attack vectors, threat trends, mitigation strategies, intrusion analysis and incident response.
- Experienced in developing, departmental policies, procedures, standards and guidelines.
- Proven skills in analyzing data, identifying pitfalls and recommending cost-effective solutions.
- Effective persuasive, negotiation, problem solving and decision making skills.
- Employs technical and interpersonal skills to execute new initiatives and achieve company’s objectives.
- Demonstrates the ability to contribute and successfully deliver against business strategy and set KPIs.
About the Company
Air Arabia (PJSC), listed on the Dubai Financial Market, is the Middle East and North Africa's first and leading low-cost carrier flying to over 100 destinations across the world. Air Arabia was the first airline to introduce the low-cost carrier concept in the region and is on a mission to serve all Arab countries and beyond, constantly undergoing aggressive route expansion, taking advantage of its ideally located hubs in the United Arab Emirates, Morocco, Egypt and Jordan. Over the past thirteen years, Air Arabia, through continuous market research and customer feedback, provides a range of value added services to millions of passengers who chose to fly with Air Arabia's fleet of A320 aircraft. The airline commenced operations in October 2003 and achieved financial break-even from its very first year of services and has been profitable ever since.
CISO Chief Information Security Officer - Finance
|Abu Dhabi||28 May|
Robinson Faris Jones - Human Resources (RFJ-HR)
Big Fish Recruitment
|Abu Dhabi||24 Aug|
Sr. Information Security Engineer
Zakher Marine International Inc.
|Abu Dhabi||16 Sep|
Head of IT