Plan, develop, implement and manage a comprehensive corporate, as well as regulated CyberSecurity (CS) Redteam (ethical hacking) and CyberSecurity Assurance program to ensure the confidentiality, integrity and availability of information owned, controlled or processed by or on behalf of the Emirates Group. The role is accountable for providing end to end CyberSecurity assurance activities across the entire Group. This includes redteaming, penetration testing and security-by-design as well as privacy-by-design accountability & oversight within the IT delivery teams under the Emirates Group.
2. JOB ACCOUNTABILITIES LINKED TO OBJECTIVE AREAS
1. Drive and own CyberSecurity redteam, penetration testing as well as CS Assurance activities providing consulting services to all global and local entities under The Emirates Group including Application Assurance, Web and Mobile Assurance, Infrastructure Assurance, Compliance Assurance and Program Assurance.
2. Deliver a global strategy and roadmap to implement skills and technologies delivering the respective services to The Emirates Group with a focus on faster identification and remediation throughout the whole Lifecycle. This part of strategy is a core element of the overall cybersecurity posture of the group representing the preventive side of the security strategy.
3. Overall responsibility of implementing and embedding security, privacy and regulatory compliance by design principles (shifting CyberSecurity left in our application live cycle) ensuring these fundamental requirements are embedded into the IT organisation.
4. Provide monthly executive reporting (manage through data) on the current state of CyberSecurity by design and drive remediation where required.
5. Provide CyberSecurity consulting to the business in projects. Articulating and communicating CyberSecurity concepts/information effectively to senior business stakeholders on all levels.
6. Take overall responsibility for continuous CyberSecurity Assurance improvement in IT and the Business through embedding Assurance capabilities into the Agile Release Trains (ARTS) as well as a delivering on a roadmap to embed DevSecOps into the Emirates IT Culture to drive the development of secure systems that protect the Emirates Group from CyberSecurity threats long term. This role is accountable for the education and continuous upskilling of business stakeholders (also including IT) and ensuring that CyberSecurity and Assurance and prevention is part of the Emirates Group culture.
7. Lead, coach, and mentor the team of high performing CyberSecurity professionals individuals, providing servant leadership whilst facilitating professional development and opportunities for growth. Foster a climate of systematically embedding a culture of security, quality and continuous improvement, ensuring the customer needs are met and expectations exceeded whilst supporting the team through continuous, transparency and openness, to grow and maintain trust with the wider business. Enable optimal, fit for purpose staffing by ensuring the Group CyberSecurity Assurance team is adequately resourced and kept up to date with changing standards, technologies and processes. Ensure an appropriate talent pipeline for these niche skilled resources
8. Build and deliver a fit for purpose RedTeam capability and drive towards a purpleteam excercises without losing oversight and governance.
9. Drive industry best practice research to continuously improve Group CyberSecurity redteam, pentesting and CS Assurance capabilities.
ANNEX I: OBJECTIVES AND RELATED FINANCIAL DETAILS
– Contributory management and influencing to overall IT run costs of AED 1.7b and yearly investment costs of AED 581m.
– This role is a major driver to reduce the exposure of data breaches that result in leakage of customer data can result in fine of up to 4% of profits under GDPR.
– This role is ensuring operational availability of Business critical services (e.g. Airline operational systems or revenue creating booking systems) by reducing the risk of operational outages driven through denial of services attacks.
This role reports directly to the Group Cyber Security
Qualifications & Experience
In an IT related specialism
Relevant experience in CyberSecurity and application security including experience in technology and security leadership experience of which at least five years should be at a senior level in CyberSecurity specifically in assurance, pentensting or redteaming functions, within an operational multinational environment.
Relevant experience in building a security & privacy by design capability within agile delivery teams.
Hands-on experience in a global complex environment is a plus
Redtean lead experience or penetration testing experience is a plus
Knowledge/understanding of the following:
– Software Engineering and Software Development Lifecycle
– Agile Ways of working / process flows
– IT Measures and Metrics (KPIs)
– IT Quality Management
– Security Incident Response
– Regulatory CyberSecurity & privacy compliance
– DevSecOps experience is a plus
– Penetration testing
Being a part of one of the fastest growing start-ups; this role will present the opportunity to learn and sell...Apply For This Job
WHAT WILL YOU BE DOING? Proactively identifying and resolving prospective customer issues to drive conversion Approach potential customers with the...Apply For This Job
Ensures the achievement of all the tangible and intangible aspects of the Brand(s) handled. Ensures smooth interaction & healthy relations...Apply For This Job
To execute and deliver development projects from inception to completion, within time, to the required quality and within budget. What...Apply For This Job
This is an opportunity to work on a large hospitality project in one of the emirates of the UAE. Your...Apply For This Job