Job Description

External – DESC, SIA, aeCERT, contractors, vendors and all other external agencies and organizations as and when applicable.

- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations, in coordination with the cyber security governance team.
- Lead cyber security analysis of the technology environment to detect critical deficiencies and recommend solutions for improvement.
- In addition, validate IT/OT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
- Design a security system or major components of a security system, and may head a security design team building a new security system.
- Liaise with other architects and security practitioners to share best practices and insights.
- Coach, mentor and collaborate with technical subject matter experts and other architects to develop technology architecture that enables and drives new business capabilities and operating models securely.
- Research, recommend and evaluate cyber security solutions that identify and/or protect against potential threats, and respond to architecture design changes.
- Identify gaps and recommend ways to improve a system's architecture.
- Participate in application and infrastructure projects to provide technical cyber security advice and recommendations.
- Evaluate baseline security configuration standards for infrastructure components such as operating systems, network components, and applications.
- Conduct or facilitate cyber threat modeling of services and applications that ties to the risk and data classification associated with the service or application.
- Coordinate with DevOps teams to advocate secure coding practices, and assess adherence level.
- Assess and validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems.
- Review security technologies, tools and services, and make improvement recommendations to the broader cyber security team for their use, based on security best practices.
- Perform vulnerability and penetration assessments, followed by appropriate remedial action verification.
- Work with other cyber security units on deploying, tuning and running vulnerability-scanning and penetration-testing tools.
- Validate and verify system security requirements definitions and analysis and established system security designs.
- Perform an advisory role in systems development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls, in coordination with the cyber security governance team.
- Investigate available tools and countermeasures to remedy the detected vulnerabilities, and recommend best solutions and practices.
- Conduct periodic checks and tests for cyber security functionalities.
- Manage security monitoring, analysis and forensic processes to detect and respond to cyber incidents.
- Provide second- and third-level support and analysis during and after a security incident.
- Assist SOC administrators and IT/OT staff in the resolution of reported security incidents.
- Participate in security investigations and compliance reviews, as requested by internal or external auditors.
- Act as a liaison between the internal incident response team and external stakeholders in all phases of a cyber security incident.
- Track developments and changes in the technology field and cyber threat environments to ensure that they're adequately addressed in cyber security strategy plans and architecture artifacts.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Monitor security vulnerability information from vendors and third parties.
- Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security units, including the security operations center (SOC).

Skills

- Prior experience with cyber security in the oil and gas industry or other critical infrastructure industries is preferred.
- Knowledge of common risk management methodologies.
- Basic knowledge of a broad range of standards and frameworks, for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, ISA99, NIST, etc.
- Knowledge and experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
- In-depth understanding of cyber security assurance and technical risks management.
- Knowledge of common ICS cyber security risks and controls.
- Proven ability to communicate with people at all levels — from developers to the board of directors.
- The ability to interact with ENOC personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
- Excellent written and verbal communication skills, including the ability to effectively communicate cyber security and risk-related concepts to technical and nontechnical audiences.
- Direct, hands-on experience or strong working knowledge of managing and evaluating security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
- Verifiable experience reviewing application code for security vulnerabilities.
- Direct, hands-on experience or a strong working knowledge of VA/PT and threat modelling tools.
- Verifiable experience and a strong working knowledge of the methodologies to conduct threat-modelling exercises on new applications and services.
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
- Experience in application technology security testing (white box, black box and code review).
- Strong interpersonal and collaborative skills.
- Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business managers.
- High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
- Strong analytical and problem resolution skills.
- Exceptional business judgment, with the ability to think strategically and give practical advice by balancing business needs with cyber security risks.
- High degree of initiative, dependability and ability to work with little supervision.
- Management of internal or contracted security personnel.
- Experience working with legal, audit and compliance staff.
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Good knowledge of the process of security integration.

Job Details

https://www.bayt.com/ar/uae/jobs/cyber-security-assurance-manager-3792584/