ZAIN1170 - Information Security Specialist
Operation: Zain Sudan
Division: Risk Management
Location: Sudan - NA
Closing Date: 12-Aug-2024
About Zain
About the Role
Department/Section: Enterprise Risk Management Dept
Job Title: Information Security Engineer
Reports to: Information Security Manager
Job Purpose:
Be responsible for information security within the organization. Manage the implementation, monitoring and support of information security policies and procedures. Conduct periodic risk assessments and audits, report incidents and review change management. Propose information security initiatives to enhance the company's security posture in all its activities: the GSM network, IT, Digital Services and cloud infrastructure.
Key Tasks/Accountabilities:
Responsible for protecting the confidentiality, integrity and availability of ZAIN SD information assets. Securing all information system resources from accidental or unauthorized modification, destruction or disclosure.
Ensure compliance of process with all applicable laws, security best practices and ZAIN SD policies related to information security.
Conduct risk assessments; propose mitigation and remediation strategies with cost-benefit analyses and alternatives. Conduct audits, penetration testing, system health check reviews and vulnerability scans. Use a combination of automated tools, manual methods, and interviewing techniques to gather the information necessary to report on security risks. Author written reports summarizing findings and recommendations.
Recommend, evaluate, implement and support security solutions such as the Zain encryption system and the Zain events and log management systems.
Participate in the incident response team in a hands-on, technical role. Identify the root cause of security incidents. Recommend and implement solutions for limiting the scope of the incident. Eradicate any signs of intrusion. Work with the Risk Management team to recommend and implement additional controls to prevent future incidents.
Conduct security reviews on Information security projects. Attend meetings and review documentation as needed in order to identify security requirements for new and ongoing Information security projects. Design security solutions for new systems and applications.
Monitor the announcements of new security vulnerabilities. Identify vulnerabilities that are applicable to ZAIN SD systems and applications, determine their severity and urgency, work with system owners to determine if and when corrective action will be taken, and perform necessary actions to verify that corrective actions were effective.
Help organization staff identify and correct poorly implemented security controls.
Maintain and update security policy documentation as and when required.
Provide security training to audiences from management to staff as appropriate.
Manage relationships and agreements with contractors, suppliers and partners.
Ensure self-development in information security best practices, methodologies, technologies and products to provide accurate input into the corporate business systems decision making process.
Develop contingency plans and ensure they are put into place and regularly reviewed/updated to mitigate risks/issues as the Zain SD customer base grows and the business expands.
Typical Performance Measures:
Effectiveness of Information Security strategy
Effectiveness of Implementation, Management and Support of Information Security Initiatives
Effectiveness of Information Security “First Point of Contact”
Consistency and Quality of planning activities
Effectiveness of issue resolution/decision making/change control and risk management
Quality of relationships with internal customers/peers/suppliers
Delivery of outcomes to agreed quality standards and deadlines
Adaptability of work plans/resources in response to change
Dimensions:
Reports to Information Security Manager.
Accountable for maintaining Confidentiality, Integrity & Availability of critical Information assets.
Manages implementation, support, reviews, and updates of all Information Security Initiatives.
Conducts regular Information Security assessments and audits, documents reports and presents to the Management Outbound customers.
What We Need From You
Qualifications/Experience
Professional qualification – BSc in computer science, engineering or equivalent.
Three years' experience in the information security field.
Implementation and audit of ISO27001-based ISMS.
CISSP / ISO 27001 Information Security lead auditor, System lead auditor; CISSP is preferable.
Deep experience in a telecom network environment.
Knowledge:
In-depth knowledge of ISO27001 and other international standards and best practices related to information security is mandatory.
Good understanding of Change Management and Incident Management processes and methodologies
Excellent understanding of business processes and business rules
Understanding of the relevant regulatory, legal and other contextual factors impacting information security.
Understanding of GSM mobile operations, products and services.
Broad understanding of the mobile telecom industry, local and international market conditions, regional political climate and communications regulatory policies.
Understanding of budgetary and resource management and control policies and processes
Skills:
To develop, interpret and apply best practice methods/processes
Writing documentation, giving presentations and teaching workshops
Leadership/management skills within a matrix management environment
Conflict handling and resolution skills
Highly developed communication and reporting skills (verbal and written) in both Arabic and English
Excellent planning and implementation skills
About Application Process
If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application you would need the following document(s):
- Resume/CV
- Passport-size photograph
- Highest Education Qualification