Information Security Manager


Company Description

Come help us create a better everyday life for the many people. That’s the IKEA vision. We do that by offering a wide range of home furnishings with good design and function at prices so low that as many people as possible will be able to afford them.

Do you value simplicity, cost-consciousness, a humble attitude, and willpower? Then an IKEA career may be right for you.

We strive for excellent leadership to lead business and people together. We believe people learn and develop best when they perform and deliver in the real world.

Job Description

Purpose

Responsible for overseeing and controlling all aspects of information security in the group. The job entails planning and carrying out security measures that will protect a business’s data and information from deliberate attack, unauthorized access, corruption and theft.

Accountabilities

- Dealing with risks that include DoS attacks, hacking and unauthorized access to computer systems, phishing, viruses, spyware, worms, Trojans, the abuse of permissions granted to authorized system users, pharming and ransomware.
- Assessing the risks to computer systems and planning to minimize possible threats
- Upgrading existing security systems or designing new ones
- Testing security products and evaluating them
- Simulating security breaches to test procedures
- Making plans for disaster recovery in case security is breached
- Carrying out corrective actions in the event of a breach
- Looking for weak points in the system and securing them
- Ensuring that international and national network security standards are met
- Preparing technical documentation and reports for users and managers.
- Provide information security awareness training to organization personnel
- Creating and managing security strategies
- Oversee information security audits, whether performed by organization or third-party personnel
- Evaluate department budget and costs associated with technological training
- Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
- Implement and oversee technological upgrades, improvements and major changes to the information security environment
- Serve as a focal point of contact for the information security team, the organization and external parties
- Manage and configure physical security, disaster recovery and data backup systems
- Communicate information security goals and new programs effectively with other department managers within the organization.
- Work closely with the Head of Risk & Compliance and senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery
- Design and implementation of standards, policies, guidelines and appropriate architectural principles to ensure the firm’s cyber security goals continue to be met.
- Provide risk-based direction in conjunction with IT Services for future system enhancements in line with the overall firm’s strategy
- Recognize potential opportunities for enhancing the firm’s security, ensuring minimal impact to practitioners
- Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies
- Take ownership and ensure that Governance, Policy and Procedures in relation to Management of Information Security meet agreed standards within the group.
- Manage information security escalations from the Security Operations Center

Qualifications

Bachelor’s or master’s degree in cyber security, software engineering, computer engineering or equivalent.

Experience

- 5+ years in information risk and information security management
- Familiarity with regulatory requirements related to handling information, including SOX, HIPAA, and Payment Card Industry/Data Security Standard (PCI) and data privacy regulations.
- Proficiency with firewalls, endpoint security, mobility management, and vulnerability scanning
- Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies
- Strong technical abilities, combined with business understanding
- Ability to present security topics to a non-technical audience and to present the business value of security
- A good understanding of IT networking and access management concepts
- Implement proactive and reactive controls and tools to capture the information security risks and minimize the impact
- Working knowledge of Security Architecture and potential security issues related to PaaS, IaaS and SaaS, and understanding of IAM and Data Loss Prevention in a Microsoft Azure environment
- Knowledge of security technologies such as IDS/IPS, vulnerability testing and firewalls

Specific Designations, Certifications, Licenses

- CISSP (Must)
- CISA (Must)
- CRISC / SABSA (Preferred)
- ISACA Certified Information Manager (Must)
