Information Security Specialist


: Industry Standards


: 6 Years

Joining Date


Job Location

: Abu Dhabi

Industry Type

: IT Service


: IT Security

Reporting To

: Manager

Job Type

: Full Time

Job Description

Development of the Information Security Strategy and to other strategies

  • As a subject matter expert, participate in the development of all required Group digital strategies, including but not limited to digital growth strategy, storage strategy, infrastructure strategy, information security strategy, capacity strategy, resources management strategy, services delivery strategy, operating model development, content strategy, sourcing strategy, cloud strategy, etc.
  • Support and contribute to the implementation of enterprise security and architecture programs by establishing the Group information security framework and the information security domain specific reference models and artifacts.

Development & implementation of the Group information security strategy

  • Contribute to the development of Abu Dhabi Ports Group information security vision, mission, and principals.
  • Actively contribute to the development of the Group’s enterprise information security strategic goals, initiatives, objectives, and metrics. 
  • Enable the required information security governance structures and mechanisms.
  • Work with other stakeholders to prioritize security initiatives and controls based on an effective risk management program.
  • Make recommendations to business leaders/management to ensure alignment with current and future security standards and propose enhancements that will ensure the security and safeguard of Abu Dhabi Ports Group digital infrastructure and applications portfolio.
  • Coordinates the InfoSec risk management activities:
  • Actively contributes in the development and implementation of a strategic, comprehensive enterprise InfoSec risk management program based on recognized international standards and frameworks (ISO 20000, NESA, CERT-RMM, ISO 22301, ISO 27000, PCI DSS, COBIT, etc.).
  • Identify acceptable levels of InfoSec risk and establish the required roles and responsibilities about the information classification and protection.
  • Actively contributes in the management of the Digital InfoSec risk identification, assessment, and management processes, including reporting and oversight of remediation efforts to address risks, vulnerabilities, and threats.
  • Lead the Digital InfoSec risk management related activities and coordinate them with staff from the Digital Cluster organization and business unit teams.
  • Develop and maintain the InfoSec risk management registers, plans and reports.
  • Support in the integration of the InfoSec risk management program with the enterprise risk management practice.
  • Leads the information security program:
  • Actively contribute to the development, implementation and management of a comprehensive Groupwide information security management program based on recognized international standards and frameworks (ISO 20000, NESA, CERT-RMM, ISO 22301, ISO 27000, PCI DSS, COBIT, etc.).
  • Actively contributes in the design and implementation of the information security vulnerability reduction programs.
  • Support in the development and implementation of Information Security standards, guidelines, and procedures.
  • Assess the Company critical applications and infrastructure environments to ensure their optimal protection.
  • Integrates IT information security governance function and processes with the corporate compliance, audit, crisis management and IT business continuity processes and mechanisms.
  • Conducts the information security assessments and assurance activities to identify potential security exposures and recommend improvements.
  • Information security awareness program
  • As assigned, design and delivers the information security and risk management awareness programs within Abu Dhabi Ports Group via direct or indirect communication, training, workshops, etc.
  • Coordinates Abu Dhabi Ports Group level efforts in improving the Company workforce information security culture.
  • Information technology compliance program
  • Responsible for the design and implementation of a comprehensive compliance review program.
  • Coordinates the Digital Cluster audit and compliance activities and initiatives.
  • Leads the security assessments and reviews of new systems designs or modifications prior to the implementations. Supports the change advisory board on the required assessments and evaluations.
  • Advises during the preparation of projects and programs’ RFPs, bid proposals, contracts, and scopes of work for all information security and governance requirements.
  • Within the Digital Cluster, enables coordination of all Internal and External IT Audit activities.
  • Wherever applicable, maintains relationships with local law enforcement and other related government agencies.
  • Develops, communicates, and manages compliance with organizational   security   policies, standards, and regulatory requirements.
  • Plans and manages periodic penetration testing and security assessments exercises as appropriate.
  • Information security and governance standards, policies, and processes
  • As directed by the Digital Cluster Management, and in line with the adopted standards; designs and develops the required information security and governance standards, policies, and procedures.
  • Advises on the implementation of standard tools  and  processes  by  which  Abu Dhabi Ports Group employees, customers, contractors and suppliers access the company systems security, availability and integrity
  • Develops Abu Dhabi Ports Group Digital services resilience framework and all associated standards and mechanisms.
  • Acts as a subject matter expert for all information security and risk management initiatives and issues. Also, for the implementation of domain standards and best practices.
  • Information security incident management processes:
  • Develops the information security service continuity, contingency planning and incidents management standards, policies, and related processes.
  • Contributes to the implementation and regular testing of the continuity management also security incidents management processes.
  • Assists in the recovery planning efforts as well as in the investigation of security breaches, also with legal matters associated with such breaches as necessary.
  • Assists in establishing the Company Computer Emergency Response Team (CERT) for responding to any related incident.
  • Leads the conduction of required root cause analysis and provides necessary recommendations to prevent the re-occurrence of such events.
  • Works with the company systems’ owners to assess and develop the IT recovery plans ensuring the company critical business systems continue to operate in the case of a disaster or extended outage.
  • Additional Duties:
  • Contributes toward and promotes the protection of the Abu Dhabi Ports Group Digital assets and corporate information against threats to their security by implementing the Information security standards and all other related rules, regulations, and guidelines.
  • Performs other related duties as assigned.
Powered By