Information Security Operations Lead

Confidential Company

نشرت قبل 32 دقيقة

الخبرة

6 - 10 سنوات

موقع العمل

Abu Dhabi, Dubai - United Arab Emirates (UAE)

التعليم

بكالوريوس في التكنولوجيا/ الهندسة(أي), Bachelor or Master in Information Technology(Information Technology)

الجنسية

أي جنسية

جنس

أي

فوائد

Medical Insurance, Annual Air Ticket

عدد الشواغر

1 عدد الشواغر

الوصف الوظيفي

الأدوار والمسؤوليات

Job Description:

  • Policy & Compliance – Maintain IT/IS policies aligned with NIST, ISO 27001, UAE CB, and GDPR; ensure audit readiness via periodic reviews.

  • Risk Management – Lead enterprise risk assessments, maintain a dynamic cybersecurity risk framework, and prioritize remediation by business impact.

  • Zero Trust & Network Security – Design Zero Trust segmentation, mTLS, NDR, resilient perimeters, and secure remote access to block lateral movement and exfiltration.

  • VAPT – Plan VAPT across OS, AI, cloud, apps, network, and mobile; track remediation, coordinate external pen tests, and integrate findings into VM.

  • Cloud & Container Security – Embed DAST/SAST, container scanning, and SCA into CI/CD; enforce IaC scanning, image signing, runtime protections, CIS hardening, secrets management, and runtime containment (AWS/Azure/GCP).

  • Endpoint & Identity Protection – Operate EDR/XDR, secure boot, immutable images, automated patching, PAM with JIT elevation, HSM encryption, tokenization, ephemeral DB credentials, DLP, and data classification with retention/disposal.


Key Responsibilities:

  • Security Ops & Third-Party Governance – Run SIEM/MDR, SOAR, threat hunting, incident response with lessons learned; manage vendor due diligence, attestations, PIAs, and act as primary liaison for audits/regulators.

  • Maintain IT/IS policies aligned with NIST, ISO 27001, UAE CB, and PCI DSS; conduct periodic reviews.

  • Participate enterprise risk assessments and maintain a dynamic Cybersecurity Risk Management Framework.

  • Design and operate Zero Trust segmentation, mTLS, NDR, resilient perimeters, and secure remote access.

  • Plan and oversee VAPT across all environments (OS, AI, cloud, apps, network, mobile); manage remediation tracking.

  • Secure cloud/container environments (AWS/Azure/GCP) by embedding SAST/DAST, container scanning, SCA, IaC scanning, and runtime protections.

  • Operate and review security controls including SIEM, EDR, Email Security Gateway, WAF, Antivirus; conduct regular security reviews to assess effectiveness.


الملف الشخصي المطلوب للمرشحين

Domain Expertise

  • Regulatory compliance (NIST, ISO 27001, UAE CB) + Enterprise risk assessment

  • Zero Trust architecture + Network security (mTLS, NDR, segmentation) + Secure remote access

  • VAPT (OS, AI, cloud, apps, network, mobile) + Cloud/container security (AWS/Azure/GCP) + CI/CD security (SAST/DAST/SCA/IaC)

  • IAM + PAM + Patch Management + DLP + Endpoint protection (EDR/XDR, Antivirus)

  • Security operations (SIEM, SOAR, threat hunting, incident response) + Security controls review (WAF, Email Gateway, EDR, Antivirus) + Third-party governance and Dark web monitoring


Education: Bachelor or Master in Information Technology Experience: 6–10 years in Banking/Fintech Certifications: CISA, ISO 27001, CEH, Risk management or CISSP, CISM).

نوع العمل

    دوام كامل

القطاع المهني للشركة

المجال الوظيفي / القسم

الكلمات الرئيسية

  • NIST
  • ISO 27001
  • Risk Assessment
  • Network Security
  • VAPT
  • Cloud Security
  • CI/CD Security
  • Patch Management
  • EDR/XDR
  • SIEM
  • WAF
  • Incident Response
  • TPRM

تنويه: نوكري غلف هو مجرد منصة لجمع الباحثين عن عمل وأصحاب العمل معا. وينصح المتقدمون بالبحث في حسن نية صاحب العمل المحتمل بشكل مستقل. نحن لا نؤيد أي طلبات لدفع الأموال وننصح بشدة ضد تبادل المعلومات الشخصية أو المصرفية ذات الصلة. نوصي أيضا زيارة نصائح أمنية للمزيد من المعلومات. إذا كنت تشك في أي احتيال أو سوء تصرف ، راسلنا عبر البريد الإلكتروني abuse@naukrigulf.com

Confidential Company