Role Purpose

Zain Iraq is Actively recruiting to hire Information Security risk expert is responsible for providing security guidance for all security projects, including the evaluation and recommendation of security controls. He/ she will also be hands-on and responsible for contributing to the security posture enhancements through various engagements.

Responsibilities

• Assist with the review of information security policies, guidelines, and procedures.

• Provide recommendations on applicable controls to mitigate identified threats and risks from an advisory perspective and collaborate with IT Operations in identifying actionable threats.

• Assist with developing a full-year roadmap to address the potential risks and threats with the business case.

• Collaborate with IT operations in conducting security risk assessments to determine information security requirements across all applicable processes and associated systems.

• Conduct Vulnerability Assessment of systems to identify vulnerabilities and assist system owners in mitigation

• Provide support to ensure a productive and secure environment with an emphasis on Information Security.

• Collaborate with the Group to assist in maintaining the Group Security Dashboard showing the current level of threat, the status of known vulnerabilities, the progress of regular/planned activities and the efficiency of incident management.

• Assist with the maintenance of the Information Security Management System (ISO 27001:2013) and NIST framework where applicable.

• Suggest security requirements to align with the outlined 2023-25 Group cybersecurity strategy.

• Provide support for information security training & awareness campaigns

• Participate in security operations and incident response and provide support as needed for Zain Iraq

• Assist with the evaluation of security threats, and their impacts and ensure implementation of appropriate processes and controls to mitigate or minimize them.

• Work with multiple stakeholders internal and external penetration testing vendors in the successful completion of VA & PT Activity.

• Proficient in network security and web application security with previous hands-on experience in Network security tools NMAP, Nessus/Qualys and Metasploit.

• Intermediate experience with enterprise governance, risk, and compliance platforms

• Proficient in either Microsoft Azure or Amazon Web Services cloud.

• Hands-on experience in information security infrastructure solutions such as but not limited to Identity & Access Management, Security Information & Event Management, Endpoint Detection and Response, Intrusion Detection and Prevention Systems and Firewalls to be able to review systems and identify relevant threats and make recommendations from an advisory perspective.

• Support the Business Continuity Teams at OpCos to ensure that the disaster recovery plans for Information Security controls are documented and address availability risks.

Educational Qualifications and Experience

Educational Qualifications          

• Bachelor’s degree in computer science, Information Technology or equivalent

• Preferably be Security+/ Network +, CEH, CRISC/ CISSP OR SANS GIAC GPEN/ GXPN certified. Preferably hold a master’s degree in the field

  Experience

•  A minimum of 4 years of relevant experience with at least 2 years in a similar role

Competencies

 Behavioural

• Achievement Driven

• Information Seeking

• Problem Solving and Creativity

• Relationship Building

•   Initiative

Technical

• Oral and Written Communication  

• Managing Information

• Technology Application

• Quality, Health, Safety, Security and Environment

• Capacity Planning and Demand Management

•   IT User Support

• IT Business Analysis

DEI Competency

• Courage to Engage

• Addressing Bias

• Allyship