The Government of Dubai legal Affairs Department (“the Department”) is looking forward to recruiting legal staff in information security area to work at Information Security Unit to perform its duties and functions according to the procedures applicable in this regard 

Key Duties and Responsibilities:

·Planning, implementing and maintaining an integrated information security management system compatible with the Department’s operations and implementing the approved information security standards of the Government of Dubai in coordination with Dubai Electronic Security Center.

·Preparing a cyber security strategy and linking it to the objectives of the Department Strategy.

·Planning, developing, reviewing and updating information security methodologies and policies in line with the best practices of ISO 27000 standards and the approved information security standards of the Government of Dubai in coordination with Dubai Electronic Security Center.

·Ensuring compliance by the Department with the Information Security Regulation (ISR) of the Government of Dubai pursuant to Executive Council Resolution No. (13) of 2012.

·Coordinating with the relevant Organisational Units of the Department on creating an updated information assets register at the level of the Department.

·Assessing and conducting periodic review of cyber risks and developing appropriate treatment plans to address them, monitoring systems and networks, detecting security vulnerabilities and conducting necessary assessments and treatments.

·Analysing security reports, developing proactive protection strategies, overseeing Dubai Cyber Index and submitting periodic reports to the senior management.

·Developing and implementing security policies, standards and procedures to ensure the continuity of security and securing critical and privileged data and the compliance with the relevant legislation and interpretations of relevant legal provisions.

·Working with the management/ concerned directorate of the Department to prioritise security initiatives and financial allocations according to an appropriate risk management methodology.

·Managing information security governance at the level of the Department, Information Security Steering Committee and Information Security Communications Office.

·Conducting internal assessments and submitting recommendations to the Management/ Directorate concerning whether the security control procedures are sufficient for the technical and information systems of the Department.

·Inviting a special security committee to convene, as necessary, to provide guidance on how to respond to breaches and inform the Department.

·Planning and organising educational and awareness programmes on risk management and cybersecurity and providing the Organisational Units with advice on security issues, best practices and potential vulnerabilities.

·Developing, implementing and managing technical security standards as well as a number of security services and tools to address and mitigate security risks.

·Providing direction and guidance on assessing information security risks and monitoring compliance with security standards and appropriate policies.

·Coordinating with the relevant Directorates to provide crisis management and disaster recovery plans and ensure business continuity.

·Following up security incidents and working as a point of contact when major information security incidents occur and meeting with the security incidents response team, if necessary or upon request, to discuss and investigate security incidents.

Main Administrative Duties and Responsibilities:

·Using Tawqeet for the purposes of registering all assignments completed daily according to the applicable rules.

·Preparing a weekly report on all cases assigned to the employee and the actions taken in respect of such cases as per the instructions issued in this regard.

·Complying with all work procedures applicable at the Department concerning the Cases Management System (Tawtheeq).

·Complying with the information security policies approved by the Department.

·Complying with all circulars issued by the Department concerning attendance to ensure that the tasks assigned to the employee are completed in a timely manner and as per the required quality and efficiency.

Academic Qualifications and Years of Experience:

·Bachelor, master’s or PhD in Information Security, Information Technology or equivalent, along with 10 years of experience in an IT field, as well as experience in Information Security.

Technical and Behavioral Competencies:

·Analytical thinking, deductive reasoning skills and sound analysis of legal provisions and regulations.

·Ability to research and collect data with attention to details.

·Effective communication skills, teamwork spirit and positive energy.

·Negotiation and persuasion skills and professional customer service.

·Effective time management, planning, organisation and working under pressure.

·Creativity, innovation and taking the initiative and assuming responsibility.