Information Security Manager

Bachelors in Computer Application(Computers)

Nationality

Any Nationality

Vacancy

1 Vacancy

Job Description

JOB DESCRIPTION

Summary / Objective

Essential Functions

• Develop, maintain and implement information security policies, procedures, controls and guidelines.
• Monitor and manage security infrastructure such as firewalls, IDS/IPS, and system logs.
• Perform regular health monitoring, upgrades and maintenance.
• Manage real time security threats & incidents to identify and quarantine threats.
• Assist in process, assessment and implementation of annual PCI DSS certification.
• Coordinate and Conduct periodic Vulnerability and Penetration Testing exercises.
• Co-ordinate with other departments and address their requirements regarding security compliance.
• Provide security awareness & secure code training.
• Recommend and ensure the implementation of defensive functions (e.g., encryption, access control, and identity management) to reduce systems exploitation opportunities.
• Provide recommendations for security gaps mitigation.
• Productively evaluate and recommend new security technologies that can enhance company information security.
• Manage incident response (IT / Information Security) and support systems.
• Review infrastructure technology vendor contracts and risk assessment.
• Monitor & review firewall rules and configuration.
• Respond to security breaches and network emergencies as necessary.
• Document all support and maintenance activities in accordance with internal policies.
• Responsible for maintaining and updating the Information Security Risk Register.
• Assist in the development, testing, and maintenance of the organization s business continuity and disaster recovery plans from a security perspective
• Conduct security due diligence on third-party vendors and partners; evaluate contractual terms and SLAs to ensure security requirements are met.
• Strong knowledge in penetration testing & Vulnerability assessment, using industry-standard tools and methodologies.
• Have good experience in programming / scripting language at least in of the following: PHP, JAVA, or Go.
• Have good experience in bash scripting.
• Have good experience in code review with ability to identify and remediate code-level vulnerabilities.
• Implementation experience with security solutions such as: WAF, IPS, SIEM, LDP.
• Good knowledge of the top 10 OWASP application security risks and mitigation techniques.
• Good knowledge of PCI DSS standard and experience participating in audits and remediation processes.
• Have knowledge of mobile applications security assessment.
• Strong knowledge of internet standards and protocols including TCP/IP.
• Strong skills in information security governance, including policy development, procedure writing, and risk documentation.

Roles and Key KPI s

• Mean Teim to Detect (MTTD) and Mean Time to Respond (MTTR) to security incidents.
• Number of critical/high vulnerabilities identified and remediated.
• Compliance score with PCI DSS and internal audits.
• Completion rate for security awareness training
• Frequency and impact rating of information security incidents.

Position Type/Expected Hours of Work

These are full-time positions, and regular hours of work and days are Sunday through Thursday, 8:00 a.m. to 5 p.m.; however, this position can regularly require long hours and frequent weekend work.

Preferred Education and Experience

• Bachelor s degree in computer science or equivalent.
• At least +5 years of experience in information security / security engineering or similar roles.
• Security Certificate in security field such as (CISSP, CISM, OSCP, CEH Security+,CCNA) is a plus.
• Previous experience working in a payment gateway of banking facility is a plus.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com