ZAIN1068 - Information Security Risk Senior Specialist
-
OperationZain Iraq
-
DivisionRisk Management
-
LocationIraq - Baghdad
-
Closing Date01-Jun-2024
About Zain
Role Purpose
Zain Iraq is Actively recruiting to hire Information Security risk expert is responsible for providing security guidance for all security projects, including the evaluation and recommendation of security controls. He/ she will also be hands-on and responsible for contributing to the security posture enhancements through various engagements.
Responsibilities
Assist with the review of information security policies, guidelines, and procedures.
Provide recommendations on applicable controls to mitigate identified threats and risks from an advisory perspective and collaborate with IT Operations in identifying actionable threats.
Assist with developing a full-year roadmap to address the potential risks and threats with the business case.
Collaborate with IT operations in conducting security risk assessments to determine information security requirements across all applicable processes and associated systems.
Conduct Vulnerability Assessment of systems to identify vulnerabilities and assist system owners in mitigation
Provide support to ensure a productive and secure environment with an emphasis on Information Security.
Collaborate with the Group to assist in maintaining the Group Security Dashboard showing the current level of threat, the status of known vulnerabilities, the progress of regular/planned activities and the efficiency of incident management.
Assist with the maintenance of the Information Security Management System (ISO 27001:2013) and NIST framework where applicable.
Suggest security requirements to align with the outlined 2023-25 Group cybersecurity strategy.
Provide support for information security training & awareness campaigns
Participate in security operations and incident response and provide support as needed for Zain Iraq
Assist with the evaluation of security threats, and their impacts and ensure implementation of appropriate processes and controls to mitigate or minimize them.
Work with multiple stakeholders internal and external penetration testing vendors in the successful completion of VA & PT Activity.
Proficient in network security and web application security with previous hands-on experience in Network security tools NMAP, Nessus/Qualys and Metasploit.
Intermediate experience with enterprise governance, risk, and compliance platforms
Proficient in either Microsoft Azure or Amazon Web Services cloud.
Hands-on experience in information security infrastructure solutions such as but not limited to Identity & Access Management, Security Information & Event Management, Endpoint Detection and Response, Intrusion Detection and Prevention Systems and Firewalls to be able to review systems and identify relevant threats and make recommendations from an advisory perspective.
Support the Business Continuity Teams at OpCos to ensure that the disaster recovery plans for Information Security controls are documented and address availability risks.
Educational Qualifications and Experience
Educational Qualifications
Bachelor’s degree in computer science, Information Technology or equivalent
Preferably be Security+/ Network +, CEH, CRISC/ CISSP OR SANS GIAC GPEN/ GXPN certified. Preferably hold a master’s degree in the field
Experience
A minimum of 4 years of relevant experience with at least 2 years in a similar role
Competencies
Behavioural
Achievement Driven
Information Seeking
Problem Solving and Creativity
Relationship Building
Initiative
Technical
Oral and Written Communication
Managing Information
Technology Application
Quality, Health, Safety, Security and Environment
Capacity Planning and Demand Management
IT User Support
IT Business Analysis
DEI Competency
Courage to Engage
Addressing Bias
Allyship
About Application Process
If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application you would need the following document(s):
- Resume/CV
- Highest Education Qualification