Information Security Specialist

Job Description

Information Security Specialist is responsible for information security policy development and maintenance, design of security policy awareness activities, monitoring compliance with security policy and applicable national law, and coordinating investigation and reporting of security incidents.  Working with the information Technology team, the incumbent will monitor, assess, and fine –tune Marafiq business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.

Information Security & Internal Controls:

• Monitor and advice on information security issues related to the systems and ensure the internal security controls are appropriate and operating as intended.

Coordinate Security Projects & Responses:

• Coordinate and execute Information security projects.
• Coordinate response to information security incidents.

Security Audits:

• Conduct data classification assessment and security audits and manage remediation plans.

Security Awareness / Security Review Program:

• Create, manage and maintain user security awareness.
• Assist in creating and maintaining a security-conscious culture within Marafiq.
• Provide local interpretation of Marafiq’s information security policies, standards and procedures to meet business’s needs.
• Co-ordinate input from within Marafiq towards the development of information security policies, standards and procedures.
• Implement a security review program and ensure that only weaknesses and failures to comply with standards and procedures are identified and resolved.
• Assist in identifying and reporting security breaches and weaknesses, non-compliance with existing information security policies.
• Respond to Points raise by auditors

Policies & Procedures:

• Follow all relevant operational procedures and instructions so that work is carried out in a controlled and consistent manner.
• Safety, Quality & Environment:
• Follow all relevant safety, quality and environmental control procedures and instructions so that personal safety/the safety of others is not jeopardised and a minimum level of product/service quality and environmental impact can be guaranteed.

Job Requirements

Minimum Qualifications :

• Degree in Computer Science, Computer Engineering, Management Information Systems or related field.

Minimum Experience :

• Two+ years of progressive experience in computing and information security, including experience with Internet technology and security issues... Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing. CISSP, GIAC, or other security certifications desired.

Job Specific Skills :

• Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
• Strong analytical and problem solving skills.
• Good communication (oral, written, presentation), interpersonal and consultative skills.

This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.

Generic Skills :  

• English Language – Level 3
• Health & Safety Systems – Level 2
• Knowledge of Policy & Procedure – Level  3
• Quality Management Systems – Level 2
• SAP - Level  3
• Time Management – Level  2
• Data Gathering & Analysis – Level  2
• PC – Level  3
• Performance Management – Level  3
• Written Communication – Level  2
• IT Applications – Level 32