Security And Governance Officer - ضابط أمن وحوكمه

Job Responsibilities

• Support Information Technology Department team in daily tasks, including incident response, investigations, project management, assurance tasks, and reporting responsibilities.
• Conduct penetration testing on both new and existing applications to analyze vulnerabilities and assess their potential consequences.
• Regularly perform vulnerability assessments on the IT infrastructure systems of the University of Khorfakkan to identify weaknesses, prioritize risks, and ensure prompt remediation.
• Coordinate with the internal IT auditor to assess potential risks impacting the IT infrastructure, address audit findings, and implement corrective actions to close identified audit discrepancies.
• Ensure authorized access by investigating improper access and reporting violations.
• Create concise and comprehensive reports related to security violations, including recommendations for addressing any identified control weaknesses.
• Methodically conduct system and process audits to verify compliance with adopted processes, policies, and standards.
• Be an advocate of security awareness, stay updated on cybersecurity trends, and incorporate best practices into daily work.
• Protect systems by defining access privileges, control structures, and resources.
• Assist in the development and implementation of IT Disaster Recovery/Business Continuity plans and maintain disaster recovery documentation, policies, and protocols.
• Implement security improvements by assessing the current situation, evaluating trends, and anticipating future requirements.
• Provide thought-leadership within Information Security and the IT team to help implement or improve existing security controls.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attack vectors.
• Select and acquire additional security solutions or enhance existing security solutions to improve overall enterprise security as per the existing procurement processes.
• Oversee the deployment, integration, and initial configuration of all new security solutions and enhancements to existing security solutions in accordance with standard best practices.
• Ensure the confidentiality, integrity, and availability of data residing on or transmitted through workstations, servers, and other systems, as well as in databases and other data repositories.
• Engage in ongoing communications with peers in the Systems and Networking groups, as well as various business groups, to ensure enterprise-wide understanding of security goals, solicit feedback, and foster cooperation.
  
  

• Maintain and encourage open and honest business relationships within the team.
• Be a change leader to adapt to new and innovative ways of delivering IT services.
• Build and utilize working relationships with internal business partners across the organization.
• Communicate in a respectful and well-understood manner.
• Consider health & safety as a primary concern for yourself and others.
• Manage a large variety of work while meeting tight deadlines.
• Handle the demands of multiple stakeholders, sometimes with conflicting interests.
  
  

• Bachelor’s degree from an accredited institution, preferably in Computer Science, Information Technology Systems Security, or a related field. Master’s degree preferred.
• Minimum of five (5) years within the last twelve (12) years of experience in an Information Security role.
• Knowledge of Information Technology Infrastructure Library (ITIL) (certification preferred) concerning security administration and information technology governance in a multiplatform environment.
• Experience in penetration testing, vulnerability assessments, and risk-based remediation strategies.
• Experience in establishing cybersecurity and risk metrics for reporting.
• Strong emotional intelligence with sustained leadership involving multiple stakeholders.
• Demonstrated management skills, including budget development and administration, policy development and implementation, personnel administration, and staff training and development.
• Demonstrated ability to work with diverse individuals; effective oral and written communication skills.
• Ability to apply knowledge and experience to achieving enterprise strategy, mitigating external risks, improving internal processes, and delivering business outcomes.
• Strategic Thinking: Ability to manage multiple goals and deadlines while maintaining a big-picture perspective.
• Facilitation, Negotiation, and Problem Resolution Skills: Ability to build strong relationships with technology and solutions teams, customers, and vendors.
• Resilience and resourcefulness.
• At least one of the following certifications:
• Certified Information Security Manager (CISM)
• GIAC Security Essentials (GSEC)
• Certified Information Systems Security Professional (CISSP)
• Two or more of the following certifications:
• (ISC)2 SSCP, CCSP, or CCFP
• ISACA Certified Information Security Manager or Auditor
• GIAC Security Management and Leadership or Technical Security Certifications
• EC-Council CEH or EDRP
• Cisco CCNA or CCNP Security
• Microsoft Certified Systems Engineer: Security
• Cloud Security Certifications such as the Cloud Security Alliances CCSK or other certifications specific to major platforms like AWS or Azure