Job detail

Job description

This vacancy is with our client, leading Petrochemical Company undertaking projects in oil & gas sector.

BASIC FUNCTION
Takes measures to help protect and maintain Confidentiality, Integrity, and Availability of company¿s data and information systems from internal/external threats by adopting best IT security practices in the industry.
Leads, and implements the design of Information Security architecture, implements/maintains IT Security policies & procedures, administers/monitors company¿s IT Security infrastructure systems, and reports any security violations and IT Security risks in order to help protect company¿s computing and networking environments.

DUTIES PERFORMED
MAIN DUTIES AND RESPONSIBILITIES:-
¿ Administers and participate in the design and implementation of the IT security architecture and infrastructure to ensure data protection and data integrity, according to best practices and recognized Information Security standards.
¿ Participate in the Implementation of Information Security Management System (ISMS) for modest management of Company information security and appropriate measurement of Security level and gaps in company against the IT Security Standards.
¿ Develops and maintains the documentations of the technical procedures, standards, and guidelines for the IT Security infrastructure components and products.
¿ Reviews new and existing information systems designs and major system modifications for compliance with information security policies and standards.
¿ Participate in and builds up the IT Security Policy Development Teams to develop and maintain information security policies, standards, procedures and guidelines that IT staff and end users should keep to in order to ensure that best IT security practices are recognized and implemented. Reviews compliance with information security policies and recommends corrective /enhancement actions.
¿ Coordinates with HR the development and implementation of User¿s Acceptable Use Policy (AUP), and coordinates with HR the user¿s awareness sessions for new employees to ensure that they are fully aware about IT Security accepted and unaccepted behaviors. Guides the information security orientation and awareness Sessions/programs for company users.
¿ Participate in evaluation, and selection of IT security products, such as, firewalls, intrusion detection systems, anti-virus, anti-spyware, anti spam, VPN, remote access devices, web content filtering servers, proxy appliances, IT Security appliances, switches, routers, etc. and Participates in the planning and the implementation of all computing and network infrastructure projects (i.e. upgrades, enhancements, etc.) to ensure compliance with the IT Security architecture.
¿ Administer the Vulnerability Management process, supervises performing Vulnerability scanning for company IT infrastructure, and provides actionable intelligence to IT staff and users, to help mitigate the effects of external and internal IT Security risks.
¿ Administers and controls administration access rights for all company network components, servers, and PCs.
¿ Investigates, Monitors, and identifies any actual or potential information security violations/risks. Reports to IT Management all actual and potential security violation/risks and recommends appropriate solutions to eliminate or minimize their potential effects. Plans / Administers penetration and ethical hacking tests, and assesses network vulnerability for any attack, to improve the IT Security.
¿ Administers, plans, and coordinates the Contingency, Business Continuity, and Disaster Recovery Plans to maintain service level and ensures with the Technical Services/Telecoms & network teams the continuous operation of the servers and network facilities.
¿ Coordinate with Computer Incidents Response Team members from IT sections to Administer computer security incidents and problems.
¿ Administers, and monitors the implementation of Change Control process, to ensure a proper execution of the Business Continuity Plan.
¿ Ensures that the principal of Job Rotation is implemented and applied by IT staff.
¿ Involve with internal/external IT auditors. Performs regular IT security reviews and audits to help improve IT security infrastructure, and to ensure that user accounts and access permissions comply with IT security policies.
¿ Coordinates with vendors to resolve security related problems.
¿ Participate in the review, evaluation, testing and implementation of new and emerging IT Security plans, products, technologies, and control techniques.
¿ Prepares the purchase requests with technical specifications and evaluation criteria for IT security components and products
¿ Assists / provides system training and introduction to best practices to Company users and other IT staff and develops / trains UAE National Developees assigned.
¿ Plans, coordinates, and implements information security software and hardware to safeguard information in Computer files against accidental or unauthorized modification, destruction or disclosure.
¿ Monitors the installation/deployment of vendor issued security software updates/patches/ service packs. Monitors use of IT facilities including and not limited to Internet use and reports user activities compliance with information security policies and procedures. Monitors company¿s central Anti-Virus & Anti-Spyware systems and assures that latest signature updates and patches are installed/deployed. Monitors company¿s proxy systems, firewalls, VPNs, internet traffic systems, servers, and any other related security devices and Monitors company¿s security gateway/perimeter systems and assure that latest intrusion and antivirus signatures are up to date.
¿ Participate in the implementation of security standards, procedures, policies and guidelines for multiple platforms and diverse system environments to ensure business continuity in case of disaster and in the normal situation such as absences.
¿ Coordinates the reporting of data security incidents and regular reports. Directs and monitors the creation of reports on all security events for server, network, internet, and database activity.
¿ Ensures the protection and availability of company¿s Information Security infrastructure and network against ever increasing threats from internal and external sources.
¿ Keeps abreast of changing technology to meet the new ever increasing security threats.
WORK CONTACTS
¿ The IT Security Officer reports to the VP, Information Technology
¿ The incumbent has regular direct contacts with IT staff up to Section Leaders, Team Leaders, and Company End-Users. He/she also has direct contacts with ETISALAT, contractors, and vendors¿ technical staff to discuss and follow up IT security related issues.
¿ Quarterly meets with ADNOC group IT Security Forum to discuss IT Security issues and participates in implementing different project.
¿ Occasional contacts with HR to aware them about procedures, policies, and guidelines regarding IT Security.

LATITUDE
Reports to the VP, Information Technology. Carries out complex analytical duties with minimum supervision according to established policies, procedures and professional standards. Completed work is subject to general review by the Department Manager.

MINIMUM REQUIREMENTS
¿ Bachelor Degree in Computer Engineering or equivalent
¿ 6-7 Years¿ experience in the field of Technical Support of which at least three years are involved in IT Security
¿ Very Good knowledge of spoken and written English