Security Planning Analyst – Client of Five Continents in Abu Dhabi
Job Purpose & Scope The Information Security Analyst\\’s primary purpose is to ensure compliance with the Information Security Policy and supporting standards on an ongoing basis by participating in IT projects to ensure security requirements are considered and met, measuring compliance before projects are implemented and enhancing the security controls by continuous review. Responsibilities include security architecture, conducting risk analyses, and evaluating new data security technologies. The function is responsible for ensuring an effective balance between the cost of security controls and the value of the information being protected. Operational Context Latitude of Operation Â· Assists in developing corporate security standards, processes, and best practices Â· Work is governed by Business and IT Strategies, Enterprise Architecture and general guidelines Work Interfaces Â· Regular contact with Business Relationship Management to evaluate security impact of business solutions Â· Regular contact with Data Management to develop and review security policies related to data management Â· Regular contact with Enterprise Architecture to ensure alignment with broader architecture blueprint Â· Regular contact with Solutions Development to discuss security issues related to solution delivery Key Accountabilities Â· Defining security strategy and framework, policies, standards, and process, and the security blueprint Â· Conducting IT Security Audit & Compliance Assessments Â· Providing input to program design and help ensure compliance with security standards, policies and processes Main Duties Â· Develop and implement information security policies and procedures and actively contribute to the strategic planning process. Â· Assist with creating and maintaining sound security architecture for the company. The security architecture consists of various components dealing with the arrangements of the IT processes to suite a security model that ensures at all times the protection of information assets. Intimate knowledge of the interdependencies amongst system software, application software, network software and the multiple platforms at the company. Â· Development of an information security framework based on the ISO27001 standard that defines how people, technology, and process should be assembled to secure the environment and remain consistent with business objectives. The security framework must be based on these three components and must also ensure policy definition, enforcement, measurement, monitoring, and reporting for each one of the components. The framework must also: 1) identify risks to confidentiality, integrity, and availability for different business functions, and 2) reduce, transfer, or accept those risks. Â· Work with internal audit and outside consultants as appropriate for independent security audits. Â· Engage in end user meetings, as needed, to provide direction and consult on key risk items. Â· Provide the expertise to the market as it pertains to business protection topics: information security, and champion best practices related to these items as appropriate for each function and discipline Specific Duties Â· Understands and promotes the companyâ€™s health, safety & environmental policy and objectives; performs work in accordance with the companyâ€™s established rules, regulations and approved procedures; intervenes to stop unsafe acts and practices; and is accountable for the well being and safety of own self and others, including all contracted labor force ï¿½ï¿½\\” unskilled, semiskilled, and skilled. Â· Plans, directs and actively participates in the ongoing training and development of own self and subordinates with special emphasis on UAE Nationals. This includes assessing employeesâ€™ training and development needs, directing the preparation of structured development programs, monitoring progress and counseling trainees on alternative career paths and job profiles available
– Source from NaurikiGulf UAEApply for this job.