Senior GRC Specialist

Job description / Role

You will develop Cybersecurity governance model & Cyber risk and compliance frameworks, conduct periodic and need based Cyber risk assessments, and perform compliance exercises to ensure the effectiveness of required security controls.

Client Details
A leading organisation in Abu Dhabi building a brand-new security function as part of the groups aim of internalising IT.

Description
* Responsible for developing and managing the governance, risk management and compliance functions.
* Develop, maintain, and execute enterprise-wide Cybersecurity policies, standards, guidelines, processes, and frameworks in alignment with relevant regulatory requirements and industry standards.
* Develop cybersecurity strategy and manage cybersecurity gap analysis and maturity assessments.
* Develop and manage organization wide cybersecurity Training and Awareness Programs to cater audience from multiple domains and varying skillsets.
* Support development of Business Continuity policies and plans to ensure Cybersecurity requirements and action plans are fully covered.
* Develop Cybersecurity Risk Management framework in coordination with Enterprise Risk Management to ensure Cyber risks are appropriately addressed from mitigation and risk acceptance perspective.
* Manage all security risk assessment related activities for existing infrastructure and new projects/initiatives including but not limited to evaluating new threats and vulnerabilities, conducting risk assessments, preparing risk assessment reports and mitigation actions/plans, managing, and maintaining Risk Register.
* Conduct and manage periodic Cybersecurity reviews and audits and ensure compliance to the Cybersecurity standards, regulatory requirements, policies, etc.
* Manage periodic external and internal penetration tests and ensure corrective actions and mitigations are implemented when necessary.
* Reviewing classification schemes, define standards for labelling information assets, identify appropriate controls for each classification and define rules for sharing sensitive information. for proper data and information protection


Job Offer

* Competitive salary with family benefits such as schooling assistance on offer for the right candidate.

Requirements

* Bachelor's degree in Cybersecurity, Computer Engineering, Computer Science, Enterprise/Information Technology, Information Systems, or related field
* Must have at least one of the following certifications: CISA, CISSP, CRISC, and CISM.
* Minimum of 10 years of practical experience in implementing Cyber and Information Security standards or developing Cyber and Information Security processes
* Experience in conducting gap and maturity assessments and developing strategies.
* Experience in developing Cybersecurity polices, standards, guidelines and operating models.
* Experience of Threat Modelling and Impact/Likelihood assessments
* Experience of assessment of Threat, Vulnerability management related risks
* Experience in compliance assessments
* Experience of standard change control processes, risk assessment and transition in a Dev Ops environment.

About the Company

Michael Page is one of the world's leading professional recruitment consultancies, specializing in the placement of candidates in permanent, contract, temporary and interim positions with clients around the world.

The Group has operations in the UK, Continental Europe, Asia-Pacific and the Americas. In the Middle East we focus on the areas of:

Finance & Accounting Banking & Financial Services Procurement Property & Construction Engineering & Supply Chain Oil & Gas Technical and Engineering Human Resources Sales Marketing Technology Secretarial Executive Search Legal

The Group operates through 161 offices in 33 countries and employs over 5,000 employees worldwide.