· Participate in the design and implementation of Information Security department’s strategy and roadmap to support alignment with overall IT strategy.
· Establish the Information Security department’s plans and provide input to the overall IT goals that support flyadeal’s overall strategic plans.
· Lead and drive the achievement of Information Security department’s strategy, objectives and KPIs within the accountabilities of the department.
· Participate in Information Security department’s budgeting cycle and provide input to the budgeting process.
· Ensure effective utilization of Information Security department’s budget and report accurately on progress made and challenges encountered.
· Translate functional requirements and high-level designs into low-level technical designs and/or RFP development.
· Participate in the bidding process, including vendor and proposal evaluations.
· Define the development and operation cycle within Information Security.
· Manage the development of SOP documents for security services and products.
· Conduct security and behaviour-driven development testing after every iteration of development.
· Provide release readiness validation, deploy releases and hand over all documentation and access to the operations team.
· Develop and recommend improvements to Information Security department’s policies and direct the implementation of procedures and controls covering all areas of activity so that all relevant procedural / legislative requirements are fulfilled while delivering high quality and cost-effective results.
· Maintain protection of IT Infrastructure environment with a keen focus on availability, confidentiality and integrity.
· Build and implement tools and frameworks to proactively monitor and protect flyadeal IT infrastructure and assets.
· Create and maintain policies and technical documentation to ensure efficient planning and execution.
· Bridge the gap between deployment and operational teams.
· Design, create and maintain comprehensive documentation of best practices for all implemented security systems configurations.
· Brief senior management on developments, trends in cybersecurity and controls required to protect the organization.
· Maintain knowledge of cybersecurity threats to the organization.
· Evaluate and determine the adequacy of security architectures and designs, and provide advice on project costs, design concepts, or design changes.
· Advise on security requirements to be included in procurement and bidding process.
· Document and address organization's security architecture, and systems security engineering requirements throughout the acquisition life cycle.
· Define system security context, concept of operations and baseline requirements in line with applicable cybersecurity policies.
· Conduct business impact analysis (BIA) to ensure information resources are adequately protected with proper security measures. Maintain data privacy using best-practice processes and implement next generation data loss prevention technology to ensure flyadeal data protection.
· Develop, recommend and ensure that flyadeal business continuity plan (BCP), IT resiliency and disaster recovery (DR) plans are implemented, documented and maintained. Ensure that cybersecurity requirements are included in all business continuity and disaster recovery planning operations.
· Support the development of secure applications, systems and processes and work with all business units to ensure security is engaged in all projects.
· Develop and implement secure and resilient cloud strategy in conjunction with enterprise architecture.
· Provide subject matter expertise to develop and architect the next generation of organizational cybersecurity.
· Manage day-to-day security events and log analysis for perimeter security, email security, cloud security, vulnerability assessment/management, EPP and MDR, threat hunting, threat intelligence and other analytics needs.
· Manage day-to-day security operations including perimeter security, email security, data loss prevention, identity & access management, vulnerability assessment/management, malware protection, EPP & EDR and other operational needs.
· Motivate subordinates and contribute to the identification of opportunities for continuous improvement of systems, processes and practices taking into account leading practices, improvement of business processes, cost reduction and productivity improvement.
· Monitor day-to-day activities to ensure compliance with stipulated policies and procedures.
· Identify, assess and recruit key talent for Information Security department.
· Manage and assist subordinates to perform their functional operations in accordance with set policies and procedures.
· Guide, mentor and develop Information Security department’s team as part of their continuous development.
· Set performance objectives, provide necessary support, evaluate / appraise the team and provide regular feedback on performance.
· Promote a high-performance working environment within Information Security department.
· Collaborate with relevant stakeholders to identify Information Security department’s required projects to meet future business demands.
· Develop regular reports on Information Security department’s progress and outputs to be shared with relevant stakeholders in line with reporting requirements.
· Develop and maintain strong working relationships with different business functions and decision makers.
· Work proactively with all third-party suppliers to develop strong business relationships.
· Operate effectively within the IT team through participation and contribution, and deliver the appropriate training/knowledge transfer to new members of the IT team as and when required.
· Knowledge of network, voice, wireless, systems and cloud components, their acceptance risks, security operations and appropriate security controls and methods.
· Knowledge and understanding of risk assessment, mitigation and management methods.
· Knowledge of the principles of cybersecurity and privacy.
· Knowledge of cybersecurity related threats and vulnerabilities.
· Knowledge of the likely operational impact on an organization of cybersecurity breaches.
· Knowledge of cybersecurity authentication, authorization, and access control methods.
· Knowledge of cybersecurity defence, security assessments and their testing capabilities.
· Knowledge of cryptography and cryptographic key management concepts.
· Knowledge of Asset management and related security.
· Knowledge of installation, integration and optimization of system components.
· Knowledge of best practices for incident response and incident management.
· Knowledge of software development security.
· Knowledge of multi-vendor security products.
· Bachelor’s Degree in Computer Engineering, Computer Science, or equivalent.
· Certificate: CISM / CISSP / CEH / GIAC SANS / Cyber Ops Specialist or equivalent.
· Minimum 5 years of experience.
· Team Management.
· Communication skills.
· Negotiation skills.
· Risk identification and management.
· Read and interpret technical diagrams, specifications, drawings, blueprints, and schematics relating to systems and networks.
Web Application Security, Cyber Security, QualysGuard, Security, Information Security Management