Develop, implement, lead, and continuously improve the security verification and testing processes, including risk assessments, compliance reviews, vulnerability assessments, and penetration tests, based on industry best practices and assurance standards. Collaborate with the team to enhance the assurance program by incorporating industry best practices and offensive and defensive attack techniques.
What you will do:
- Represent cybersecurity assurance capabilities within the agile process and promote cybersecurity best practices across the Emirates Group by conducting automated and manual discovery of security vulnerabilities in web applications, mobile applications, web services, client-server applications, and related infrastructure.
- Research, recommend, and implement formal methodologies and tools for cybersecurity risk assessments, reviews, and investigations. Perform impact analysis to support security-by-design objectives.
- Monitor and review Emirates Group systems regularly to ensure compliance with cybersecurity policies, principles, and standards. Initiate corrective actions for violations to support effective, risk-based decision-making supported by data.
- Schedule and perform vulnerability assessments, penetration tests, technical risk assessments, and compliance reviews on key IT infrastructure components and applications, prioritizing based on criticality and perceived risk.
- Manage identified security weaknesses and risks throughout their lifecycle using product backlogs to enable development teams to prioritize and address issues promptly, providing knowledge transfer through meetings, walkthroughs, and technical discussions.
- Create documentation and a knowledge base for developers to implement secure coding practices and recommend missing security controls to foster a secure design culture.
- Transfer knowledge about vulnerabilities identified during assessments to software engineering teams through meetings, walkthroughs, and technical discussions to facilitate security fixes.
- Collaborate with development teams to improve security through design reviews, threat modeling, awareness training, new tooling, and expert reviews.
- Develop tools, scripts, and automation to streamline vulnerability discovery and management, making processes more consistent, repeatable, and efficient.
Qualifications & Experience
To qualify for this role, candidates should meet the following requirements:
- 5+ years of experience in IT security.
- Bachelor's degree or equivalent in Information Technology.
- Experience with offensive security methodologies, tools, and frameworks such as C2, antivirus evasion, defense evasion techniques, and threat emulation frameworks.
- Strong understanding of network protocols, system architectures, and security technologies.
- Proficiency in social engineering techniques and assessing organizational resilience.
- Deep knowledge of threat intelligence, threat actors, and tactics.
- Experience handling security incidents and response procedures.
- Proficiency in scripting and programming languages such as Python, Go, and Bash for automation and customization.
- Extensive experience in conducting technical risk assessments and providing mitigation recommendations.
- Excellent communication skills for explaining complex security issues to various stakeholders.
- Relevant certifications such as OSCP, OSEP, CRTP, CRTE, or similar recognized credentials.
- Proficiency in using Splunk and developing detection mechanisms.
Salary & Benefits
Join us in Dubai and enjoy an attractive tax-free salary along with travel benefits, including discounts on flights and hotel stays worldwide.
Security Manager • Dubai, Dubai, United Arab Emirates