IT Security Consultant

Job Description

Job Title: IT Security Consultant

Job Location: Abu Dhabi

Job Role

We are seeking an experienced Information Security Consultant to Assist, coordinate & undertake information security activities throughout that are aligned with Information Security Strategy i.e., Technology Governance, Information Risk Management, Technology Compliance & work in security operations centre. Also, promote awareness of strategic initiatives, and encourage self-sustaining security practices and behaviours within delivery teams and organization in general.

Roles & Responsibilities

• Maintains an awareness of the global needs of the organization, and promotes (to both information systems and business management) the benefits that a common approach to information Security will bring to the business as a whole.
• Information Security – Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls. Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems. Investigates suspected attacks and manages security incidents. Uses forensics where appropriate.
• Information Assurance – Interprets information assurance and security policies and applies these in order to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Uses testing to support information assurance. Contributes to the development of policies, standards and guidelines.
• Technical Specialism – Maintains knowledge of specific specialisms, provides detailed advice regarding their application and executes specialized tasks.
• Innovation – Actively monitors all threats and seeks opportunities for new methods, trends, capabilities and products to the advancement of the organization. Clearly articulates, and formally reports potential risks and benefits from both structural and incremental change. Encourages and motivates colleagues to share creative ideas and learn from failures.
• Business Risk Management – Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, Conflicts, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Co-ordinates the development of countermeasures and contingency plans.
• Emerging Technology Monitoring – Maintains awareness of opportunities provided by new technology to address security challenges or to enable new ways of working. Within own sphere of influence, works to further organizational goals, by the study and use of emerging technologies and products. Contributes to briefings and presentations about their relevance and potential value to the organization.
• Continuity Management – Provides input to the service continuity planning process and implements resulting plans.
• Data Management – Assists in providing accessibility, retrievability, security and protection of data in an ethical manner.
• Methods & Tools – Promotes and ensures use of appropriate techniques, methodologies and tools.
• Security Administration – Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that request for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
• Penetration Testing – Coordinates and manages planning of penetration tests, within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defenses and mitigating controls - both those already in place and those planned for future implementation. Takes responsibility for integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on the planning and execution of vulnerability tests. Defines and communicates the test strategy. Manages all test processes, and contributes to corporate security testing standards.
• Incident Management - Diagnoses incidents according to agreed procedures within Info Sec domain. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Documents and closes resolved incidents according to agreed procedures