Information Security Consultant
* On-site Abu Dhabi , Abu Dhabi , United Arab Emirates
United Al Saqer Group*
Job description
Business Unit: United Al Saqer Group (UASG)
The IT Department at UASG is a dynamic team dedicated to delivering top-tier IT solutions that ensure organizational continuity. We provide a comprehensive range of IT services to the Head Office and all UASG subsidiaries.
About You:
We are on the lookout for an
Information Security Consultant to become a key part of our exceptional IT team. This role offers an exciting opportunity for an experienced individual who can quickly establish credibility and foster meaningful connections.
If you thrive on challenges and have a passion for making an impact, this is your chance to shine.
In this role, you will:
- Join a diverse team that drives transformation within an established family business.
- Collaborate with companies across various sectors, including construction, automotive, and real estate.
- Assist and coordinate information security activities aligned with UASG’s Information Security Strategy, focusing on Technology Governance, Information Risk Management, and Technology Compliance within the Security Operations Center.
- Promote self-sustaining security practices across the organization while ensuring compliance and managing risks.
If you’re ready to take your career to the next level, we want to hear from you!
Job requirements
IT Governance – Reviews information systems for compliance with legislation and specifies any required changes. Responsible for ensuring compliance with organizational policies and procedures and overall information management strategy.
Information Systems Coordination –
Maintains an awareness of the global needs of the organization, and promotes (to both information systems and business management) the benefits that a common approach to information Security will bring to the business as a whole.
Information Security – Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls. Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems. Investigates suspected attacks and manages security incidents. Uses forensics where appropriate.
Information Assurance – Interprets information assurance and security policies and applies these in order to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Uses testing to support information assurance. Contributes to the development of policies, standards and guidelines.
Technical Specialism – Maintains knowledge of specific specialisms, provides detailed advice regarding their application and executes specialized tasks.
Innovation – Actively monitors all threats and seeks opportunities for new methods, trends, capabilities and products to the advancement of the organization. Clearly articulates, and formally reports potential risks and benefits from both structural and incremental change. Encourages and motivates colleagues to share creative ideas and learn from failures.
Business Risk Management – Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, Conflicts, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Co-ordinates the development of countermeasures and contingency plans.
Emerging Technology Monitoring – Maintains awareness of opportunities provided by new technology to address security challenges or to enable new ways of working. Within own sphere of influence, works to further organizational goals, by the study and use of emerging technologies and products. Contributes to briefings and presentations about their relevance and potential value to the organization.
Continuity Management – Provides input to the service continuity planning process and implements resulting plans.
Data Management – Assists in providing accessibility, retrievability, security and protection of data in an ethical manner.
Methods & Tools – Promotes and ensures use of appropriate techniques, methodologies and tools.
Security Administration – Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that request for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Penetration Testing – Coordinates and manages planning of penetration tests, within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defenses and mitigating controls - both those already in place and those planned for future implementation. Takes responsibility for integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on the planning and execution of vulnerability tests. Defines and communicates the test strategy. Manages all test processes, and contributes to corporate security testing standards.
Incident Management - Diagnoses incidents according to agreed procedures within Info Sec domain. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Documents and closes resolved incidents according to agreed procedures
Mandatory experience
Bachelor's degree from an accredited college or university in Computer or Information Technology, Computer Science, Management Information Systems or other information technology or related fields.
At least 5+ years of experience working in IT Security / Information Security and an overall IT experience of 8+ years.
Experience with Technology Governance i.e. Creation of Policy, Standards, Guidelines & Procedures
Experience with Information Risk Management including Cloud and On Premise Resources
Experience of full-lifecycle implementation of ISO 27001
Experience with Technology Compliance i.e. regulatory compliance, ISO 27001, ISO 20000, ITIL V3, COBIT, CIS/NIST security baselines etc.
Solid experience with enterprise level "Security Incident & Event Management" technology
Solid knowledge of: malware, vulnerabilities, exploits, network forensics, packet analysis
Good understanding of IDS, IPS, Firewalls, Web Filtering technologies, ATP method
Qualities:
Natural curiosity and ability to learn new skills quickly
Strong analytical, documentation, reporting and communication skills
Ensures Privacy, Confidentiality and Data Integrity always.
Responds to emergency situations as needed for the purpose of resolving immediate concerns.
Responsible for off hours emergency support related issues.
Perform all other tasks and duties as assigned
Key Skills & Competencies:
Understanding of Forensic Analysis Tools
Understanding of Cloud and On Premise ERP applications and general business operations.
Certification Advantage i.e. CISM,CISSP,CCSP,CEH
Process Orientation and Optimization
Structured, analytical and result oriented approach
Networking & Interpersonal skills
Stress resistance, team orientation
Excellent communication skills.
* Team Management
