Accountabilities and Key Roles:

• Direct, coordinate, plan and organize activities related to Information Security Management Systems (ISMS) certification process as per the defined scope in alignment with ISO27001 standards, practices and controls.
• Arrange and Manage ISMS Certification internal and External Audit
• Develop and Maintain KPI’s/Metrics to ensure effectiveness of Information Security Controls in coordination with ISMS subordinates
• Works with all IT Teams and Risk – Information Security Department (ISD) within the scope of ISMS certification to ensure that effective controls (within the scope of ISMS Technology, Process, and People) are in place, implemented and being periodically tested (Control Self Assessment) covering all Risks identified in IT Risk Register.
• Validate the sufficiency of all Risk Assessment exercises carried out by different teams in IT covering the scope of ISMS.
• Validate that IT department- wide information security efforts are consistent and that duplication of effort is avoided.
• Support efforts and initiatives for proper risk management of information security.
• Reviews audit and examination reports dealing with the information security issues (Confidentiality, Availability and Integrity) and communicates their status to the ISMS Committee.
• Coordinate internal staff in their efforts to comply with ISMS policies and relevant procedures, standards and guidelines.
• Review and Assess the adequacy of security training and awareness program being provided to ISMS responsible IT users/teams within the scope of ISMS certification.
• Follow-up on Risk Mitigation/Treatment action plans, priorities, progress reports and other management communications intended to improve the status of the implemented ISMS framework.
• Oversee the quality, coverage and effectiveness of the established technological mechanisms and standards regarding the security of the information systems within the ISMS.
• Ensure all ISMS subordinates are conducting activities in a manner that is consistent with established policies, procedures, standards and other management directives.
• Ensure information security governance framework is implemented and maintained, and being involved in developing and distributing information security policies, standards, guidelines and processes.
• Provide periodic updates on the security posture of the ISMS Scope to the ISMS Committee.

Job Requirements:

Education:

Bachelor degree in Computer Science/ Computer Engineering from a recognized university.

Experience: 

More than 7 years of experience in IT domain with specialty in Information Security and ISMS ISO27001 Implementation.

Competencies: 

• Experience in Information Security and implementation of ISO27001/2 Standard.
• Experience in conducting IT Risk assessments in alignment with ISO27005 Standard or NIST.
• Practical knowledge on conducting ISMS audits and assessments in term of controls assessments, business impact analysis, threat valuation, vulnerability assessments, and treatment plans.
• Technical knowledge in latest Security technologies and vulnerability assessment tools.
• Experience in developing information security policies, procedures, and frameworks.
• Knowledge in Networking and system operations security.
• Knowledge in configuration reviews and hardening standards.
• Demonstrate a range of effective conflict resolution techniques.
• Good reporting, presentation, and interactive skills.
• Certification: ISO27005, ISO27001 LA/LI, CISSP, CISM, CISA, and CEH