Security Policy Management
To provide management direction and support for information security in accordance with business requirements, relevant laws and regulations, and state policy.
Policy Development : Develop and maintain security policies, standards, guidelines, processes, and procedures.
Policy Compliance : Oversee the monitoring and compliance with policies, standards, guidelines, processes, and procedures.
Employee Acknowledgements : Create a security policy acknowledgement process.
To identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization.
Risk Management Program : Create a formal process to address risk through the coordination and control of activities regarding each risk.
Risk Assessment : Conduct formal vulnerability assessments of the company environment on a regular basis.
Risk Mitigation : Create a formal process to mitigate vulnerabilities.
Information Security Governance
Managing information security within the organization.
Information Security Program : Establish and implement a security program that aligns with the company’s business, mission, goals, and objectives.
Establish a governance framework for communicating and coordinating security activities.
Independent Reviews : Implement independent reviews at planned intervals.
Confidentiality or Non-Disclosure Agreements : Oversee the development and process for the implementation of these agreements.
Third Party Agreements : Establish security language to be included in the contracts and agreements.
Ensure appropriate security controls are implemented for the protection of the different levels of classification, and protect Information Assets from unauthorized disclosure of Information when the Information Asset is reassigned or sent for end-of-life deletion.
Asset Protection : Develop and maintain internal policies, standards, processes, procedures, and practices that prevent and detect fraud, misuse, and abuse of company assets.
Data Classification : Develop categories and definitions that provide guidelines used to determine the appropriate level of protection for information.
Information Security Awareness, Training and Communication
Coordinate training efforts and, as a minimum, address the following topics :
Protection of Mubadala Petroleum Information
General information on known information security threats
Information Security policies, procedures and instruction
Procedures for reporting information Security Incidents
How to obtain Information Security advice
Information Systems Continuity Management
To counteract interruptions to business activities, protect critical business processes from the effects of major failures of information systems or disasters, and ensure their timely resumption.
IT Disaster Recovery : Coordinate the planning efforts for the company’s IT disaster recovery plan and provide oversight to ensure it is maintained.
Participate in the testing and management of the plan.
To avoid breaches of any law, statutory, regulatory, or contractual obligations, and state requirements.
Internal Compliance : Implement internal procedures to ensure compliance requirements are met, organizational records are protected and controls are in place.
External Compliance : Ensure company is adhering to all applicable laws, regulations, statutes, and state requirements.
At least 5 to 10 years of experience, of which at least 3 years in a senior information security position / role such as Senior Information Security Engineer / Analyst.
Industry Certifications (Preferred) : CISSP, CISM, CISA, PMP, CRISC, CEH.
(Desired) Knowledge and experience ensuring compliance with industry standards such as ISO 27002, ISO 27001, CoBiT, and NIST relating to information security controls and best practices.
Understand the typical business issues related to security access and provisioning.
Excellent leadership and communications skills, as well as the proven ability to analyze and determine solutions to complex information security challenges and problems.
Excellent project management skills, time management, and ability to lead and complete complex tasks and projects.
Willing to put team success ahead of individual success.
Work independently most of the time, demonstrate initiative, adapt to change, engage in collaborative thinking, and maintain attention to detail.
Excellent customer service and relationship skills.
Excellent written and verbal communication skills; ability to effectively communicate with internal / external clients, management, and other IT resources.
Ability to handle multiple tasks at the same time.
At least 3 years of experience managing incident response activities.
At least 5 years of experience selecting, implementing and managing information security solutions such as log management, SIEMs, Identity Management, endpoint security, and enterprise forensics.
At least 5 years of experience in implementation and support of Microsoft technologies. Microsoft certifications are preferred.
At least 5 years of in-depth experience with tiered network security zones and access requirements, vulnerability assessments, and compliance audits; routers, firewalls, switches, VPN, wireless.
(Desired) 3 to 5 years of experience preparing for IT and Information Security 'controls' audits.