Associate Manager - Information Security (UAE National)

Job Purpose:

The role holder is responsible for supporting the implementation, operation, and continual improvement of the organization's Information Security Management System (ISMS) in alignment with regulatory and organizational requirements. The position assists in ensuring organization-wide compliance with information security policies, standards, and procedures, and supports the identification, assessment, and mitigation of information security risks. The role holder also prepares and reports the status of ISR implementation and the organization's information security posture to the Information Security Steering Committee, contributing to the ongoing enhancement of the entity's information security framework.

Key Accountabilities:
  • Review, maintain, and define security requirements for all technology architecture designs across the organization.
  • Lead the definition and implementation of technical security requirements for both IT and Information Security systems.
  • Identify gaps in existing security processes and drive continuous improvement initiatives aligned with ISMS and ITSM best practices.
  • Define and maintain baseline security requirements and controls for all enterprise information systems.
  • Perform comprehensive information security risk assessments, ensuring risks are mitigated to acceptable levels.
  • Conduct technical security reviews across IT, IS, and other departmental systems and services.
  • Oversee and assess cybersecurity resilience exercises to ensure organizational preparedness against internal and external threats.
  • Analyze and provide expert input on Vulnerability Assessment and Penetration Testing (VAPT) reports, following up on remediation and mitigation activities.
  • Review and advise on Business Continuity Planning (BCP) and Disaster Recovery (DR) strategies for critical enterprise systems.
  • Perform threat modelling, risk analysis, and security assessments for both new and existing systems.
  • Provide architectural guidance and technical leadership across key security domains including identity and access management, encryption, and secure application design.
  • Support compliance efforts and technical preparation for internal and external audits, including ISO 27001 and DESC ISR.
  • Evaluate IT and security-related projects, providing input on technical security risks, controls, and design requirements.
  • Lead initiatives to strengthen information security governance frameworks, policies, and practices.
  • Enhance and update information security policies, standards, and procedures to reflect emerging threats and evolving regulatory requirements.
  • Collaborate with senior management to identify, classify, and securely manage organizational information assets.
  • Develop and maintain an organization-wide information security risk assessment methodology.
  • Ensure selection and implementation of appropriate operational controls based on risk assessment outcomes.
  • Plan and conduct periodic information security awareness, education, and training sessions for employees and relevant external stakeholders.
  • Ensure organization-wide compliance with the information security management system (ISMS) and report status to the Information Security Steering Committee.
  • Support the development and enforcement of information security policies, standards, and procedures.
  • Identify opportunities for continuous improvement in departmental systems, processes, and policies, incorporating international best practices to enhance efficiency.
  • Support the development and refinement of departmental systems, policies, and standard operating procedures (SOPs).
  • Ensure adherence to established policies, procedures, and controls across all operations.
Qualifications and Experience
  • Bachelor's Degree (or 3-year Diploma) in Computer Science, Information Technology, Cybersecurity, or a related field from a recognized university.
  • Master's degree in Computer Science, Information Technology, Cybersecurity, or a relevant discipline from a recognized institution is preferred.
Minimum Experience and Skills
  • 3-5 years of progressive experience in Information Security, including at least 1-2 years in a supervisory or leadership capacity overseeing information security programs or initiatives.
  • Proven experience in developing, implementing, and maintaining an Information Security Management System (ISMS) aligned with standards such as ISO 27001 and DESC ISR.
  • Demonstrated experience in information security governance, risk assessment, compliance management, and audit coordination.
  • Hands-on involvement in security architecture design reviews, risk mitigation planning, and security controls implementation across enterprise environments.
  • Exposure to cybersecurity frameworks and regulations, such as NIST, COBIT, ITIL, and ISO standards.
  • Strong background in incident response, business continuity, disaster recovery planning, and vendor risk management.
  • Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer / Lead Auditor, CISA, or CEH are highly desirable.
  • Deep understanding of information security principles, including risk management, threat modelling, and secure systems design.
  • Strong leadership and stakeholder management skills with the ability to influence security culture organization-wide.
  • Excellent communication, presentation, and report writing skills for both technical and executive audiences.
  • Up-to-date knowledge of cybersecurity trends, threats, technologies, and best practices.
Seniority level
  • Associate
Employment type
  • Full-time
Job function
  • Project Management, Information Technology, and Quality Assurance
Industries
  • Non-profit Organizations, IT Services and IT Consulting, and Computer and Network Security

Referrals increase your chances of interviewing at Dubai Chambers by 2x
