Qureos

Manager - Information Security | (UAE Nationals Only)

Job Purpose

Lead enterprise information security by governing systems, policies, and risk programs aligned to Dubai standards; operate the cyber security function; enforce access and architecture controls; and drive threat-informed improvements, audits, and incident readiness that ensure compliant, resilient operations across RTA.


Roles and Responsibilities

Strategy

  • Set, approve, and enforce information-security policies and standards; define and ratify strategic and operational objectives, KPIs, and audit regimes; direct remediation across concerned departments.
  • Define and own the risk-management framework, assign accountable owners for risk registers, scenarios, and response plans; order periodic reviews and updates with agencies and sectors.
  • Institutionalize and mandate RTA-wide awareness for employees, suppliers, and contractors with measurable targets; approve annual awareness plans and cadence.
  • Lead and approve financial governance for information security, sanction the annual budget and forecasts, prioritize projects aligned to strategy, monitor execution, and authorize adjustments with relevant departments.

Operations

  • Commission Vulnerability Assessments and Penetration Testing (VAPT) plans to assess readiness; order preventive/corrective measures; direct risk-based audits on projects/systems and enforce on-time completion.
  • Govern reporting, investigations, and incident handling with internal/external stakeholders; direct Security Operations Center (SOC) operations for response and systems security; approve incident evaluations and mandate implementation of recommendations.
  • Enforce access control governance, approve eligibility, order privilege audits, direct network/system traffic monitoring, and ratify compliance reporting.
  • Oversee and mandate threat-intelligence collection and analysis on internal and external risks; direct investigations of technical suspicions with concerned authorities; authorize threat scenarios, commission mock exercises, and report readiness.
  • Govern Information Security Management System (ISMS) implementation and resourcing; ensure operation per approved policies/procedures; monitor and enforce conformance with audit recommendations and maintain official follow-up records.
  • Approve and govern business-continuity and remedial plans for technical systems with concerned departments; require periodic tests and ratify updates for effectiveness.
  • Submit and brief senior leadership with periodic reports on strategy execution, audit status, exercise results, threats, and performance indicators.

Product/Process Improvement

  • Direct improvements from audits, simulations, incidents, and threat intelligence; approve updates to policies, standards, and ISMS controls; enforce closure of audit observations and prioritized risks.
  • Govern supplier performance via KPIs; challenge results, order corrective actions, and verify adherence to information-security clauses.
  • Mandate benchmarking and trend monitoring to refine programs and architectures; approve RTA-wide process enhancements and best-practice adoption to uplift preventive controls.


Qualifications

  • Education: Bachelor’s degree/Master’s degree in Computer Science/Information Technology/Information Security/Cyber Security
  • Experience: 12+ years in case of Master’s degree (14+ years in case of Bachelor’s degree)
  • Certifications (Preferred): CISSP, CISM, ISO/IEC 27001 Lead Implementer/Auditor, ITIL, COBIT


Technical Competencies

  • Crisis & Emergency Management
  • Cybersecurity & Information Risk Management
  • Disaster Recovery & Business Continuity
  • Governance, Risk & Excellence Programs
  • Policy Analysis and Development
  • Quality Management and Enhancement
  • Strategic Planning & Execution Management
  • Threat Intelligence & Analysis
