Cybersecurity Compliance & Auditing Officer

Position Overview:

As a Cybersecurity Auditor, you will play a critical role in evaluating and assessing the security posture of an organization's information systems, networks, and infrastructure. You will conduct thorough audits to identify vulnerabilities, analyze security controls, and ensure compliance with industry standards and regulations. Your expertise will contribute to enhancing the overall security resilience of the organization and safeguarding its valuable assets.

Key Responsibilities:

1. Perform Security Audits: Conduct comprehensive security audits of information systems, networks, and technology infrastructure to identify vulnerabilities, potential risks, and compliance gaps.
2. Compliance and Standards: Evaluate and ensure adherence to industry standards, best practices, and regulatory requirements such as ISO 27001, NIST, GDPR, HIPAA, PCI DSS, etc.
3. Fulfill local authorities' cybersecurity compliance requirements by fulfilling technical and administrative control that includes certifications, asset management, setting policies, procedures and strategy.
4. Risk Assessment: Assess the effectiveness of security controls, risk management processes, and incident response plans to identify areas of improvement and potential risks.
5. Vulnerability Assessment: Conduct vulnerability assessments and penetration testing on systems, applications, and networks to identify weaknesses and recommend remedial actions.
6. Audit Planning and Execution: Develop audit plans, execute audits, and provide detailed reports with findings, recommendations, and remediation strategies.
7. Security Policies and Procedures: Review and evaluate the organization's security policies, procedures, and guidelines to ensure they align with industry standards and best practices.
8. Security Awareness and Training: Promote cybersecurity awareness throughout the organization by conducting training sessions, workshops, and providing guidance on secure practices.
9. Collaborate with Stakeholders: Engage with various teams, including IT, risk management, compliance, and legal, to gather information, validate findings, and ensure alignment with organizational objectives.
10. Stay Updated: Keep up-to-date with the latest industry trends, emerging threats, and technological advancements in cybersecurity to enhance audit techniques and knowledge.

Requirements:

1. Education: bachelor's degree in computer science, Information Systems, Cybersecurity, or a related field. Relevant certifications such as CISSP, CISA, CISM, CEH or similar are highly desirable.
2. Experience: A minimum of 3 years of experience in cybersecurity, information technology, or audit-related roles, with a focus on security assessments and audits.
3. Strong Knowledge: Deep understanding of cybersecurity principles, standards, frameworks, and regulations. Proficient knowledge of network security, operating systems, databases, and cloud environments.
4. Audit and Assessment Skills: Experience in conducting security audits, vulnerability assessments, risk assessments, and penetration testing. Familiarity with audit methodologies, tools, and frameworks.
5. Compliance Expertise: Demonstrated experience with compliance requirements and standards such as ISO 27001, NIST, GDPR, HIPAA, PCI DSS, etc.
6. Knowledge in United Arab Emirates Cybersecurity regulations is plus.
7. Analytical Thinking: Strong analytical and problem-solving skills to identify security gaps, assess risks, and provide effective recommendations for remediation.
8. Communication Skills: Excellent written and verbal communication skills to prepare detailed reports, present findings to stakeholders, and provide guidance on security best practices.
9. Attention to Detail: Meticulous attention to detail to identify vulnerabilities, evaluate security controls, and validate compliance with policies and standards.
10. Collaboration: Ability to collaborate effectively with cross-functional teams, build relationships, and influence stakeholders to prioritize security initiatives.
11. Continuous Learning: Proactive attitude towards self-learning and staying updated with the evolving cybersecurity landscape.