Information Security Officer

Job Summary and Purpose

Drive a strong and robust information security management system in the organization through threat/vulnerability detection, security scanning, penetration testing, security monitoring, identifying IT/OT security risks and other related information security activities. Ensure adherence to the various internal and international information security standards and also to provide technical consultation on multiple information security issues.

Accountabilities

Key Accountabilities:

Information Security Management (Nakilat Shipyard Joint Ventures):
1. Identify information security vulnerabilities and threats in the company IT/OT technology network and infrastructure using various techniques e.g. penetration testing and vulnerability assessment.
2. Collate information from the conducted assessments and recommend appropriate remedial steps.
3. Coordinate the development of the organization’s disaster recovery and business continuity plans for information security, and tests readiness.
4. Develop, review improve and update information security policies, procedures, guidelines and other related documents.
5. Provide support to build the organization wide information security awareness and training programs. Contribute and provide contents for its awareness activities.
6. Monitor, evaluate and ensure the segregation of duties on all systems in order to mitigate the risk of unintentional and/or deliberate system misuse.
7. Ensure compliance with the applicable internal and international information security standards (NIA, ISO27001).
8. Monitor changes in legislation and accreditation standards that affect information security, notify the concerned parties and assists other departments to ensure regulatory compliance.
9. Ensure appropriate administrative, physical and technical safeguards are in place to protect information assets from internal and external threats.
10. Liaise and maintain contact with law enforcement authorities, regulatory bodies, security groups and industry forums in the field of Information Security.
11. Prepare security baselines and safeguard applications, operating systems and infrastructure devices by adopting the latest standards.
12. Resolve information security issues and improve the information security performance by providing technical consultation in system development, acquisition, procurement, implementation, change management, operation/support, and architectural and other ad-hoc projects.
13. Assist in operation areas related to information security and follow the related processes to provide support in information security initiatives.
14. Work with the concerned parties on the security incidents and vulnerability management processes from design to implementation and beyond.