Information Security Expert - Risk and Security Management

Summary

The Information Security Expert(s) play a crucial role in identifying, analyzing, and managing information security risks across the organization. Their main objective is to ensure the safety and integrity of information resources while supporting business objectives and compliance with risk tolerance levels.

Main Responsibilities:

• Lead or support comprehensive risk assessments to identify security risks.
• Develop, implement, and monitor risk treatment plans detailing control measures and required resources.
• Facilitate risk acceptance decisions with proper documentation and approvals.
• Create mitigation strategies that effectively balance security and operational efficiency.
• Maintain a dynamic inventory of cybersecurity risks in IT and OT environments.
• Provide support for third-party security risk management and supply chain security assurance.

Key Requirements:

• Expertise in information security risk assessment methodologies (qualitative, quantitative, hybrid).
• Experience with cybersecurity risks in IT and OT environments.
• Knowledge of vendor security assessments and risk management processes.

Nice to Have:

• Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001).
• Experience in developing vendor risk rating methodologies.
• Certifications in information security (e.g., CISSP, CISM).

Other Details:

Location: Abu Dhabi - UAE
Contract Duration: 12 months extendable