Information Security Manager (Kuwait City, Kuwait)

Information Security Manager (Kuwait City, Kuwait)

Our client is one of the premier insurance companies in Kuwait, they specialise in life, health and auto insurance premiums.  They are an innovative technology driven insurance group which services a large market share of the Kuwait insurance market.

Role Purpose

• Establish and maintain a corporate-wide information security management program to ensure that information assets are adequately protected.
• Identify, evaluate and align with and supports the risk posture of the Company
• Perform activities including very tactical, operational, and strategic activities in support of Information security Initiatives, such as Strategic Support, Security liaison, Architecture/engineering support and operational support.

Responsibilities

• Develop, implement and monitor a strategic, comprehensive enterprise information security to ensure that the integrity, confidentiality, and availability of information are owned, controlled, or processed by the organization.
• Facilitate information security governance through the implementation of a hierarchical governance program.
• Develop, maintain and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices. § Develop and manage information security budgets, and monitor them for variances
• Develop and enhance an information security management framework
• Develop and enhance an Information Security Risk Management for the current IT environment.
• Ensure Effective implementation of information security policies and procedures.
• Develop any required information security policies and procedures when needed.
• Ensure compliance with the regulatory requirements related to IT and information security § Ensure compliance with information security international best practices (I.e. ISO 27001, NIST, etc.)
• Safeguards information system assets by identifying, solving potential and actual security problems, and recommending possible solutions.
• Perform vulnerability assessments, network architecture and configuration reviews, information security audits & penetrations tests
• Provide Information security training and awareness sessions to end users to elevate the Information Security awareness level. § Perform adequate monitoring of the corporate network for possible attacks or intrusions. § Security Incident reporting, mitigation, and resolution.
• Protects the system by defining access privileges, control structures, and resources.
• Recognizes problems by identifying abnormalities; reporting violations.
• Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
• Determines security violations and inefficiencies by conducting periodic audits.
• Recommend information security solutions or initiatives as needed.
• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Work with the company architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with the IT department to align existing technical installed base and skills with future architectural requirements.
• Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory, and audit requirements.
• Prepare the manpower budget pertaining to required staffing levels, training, and development, internal mobility, and succession.
• Identify objectives and KPIs, review the performance and potential of staff, and make/approve decisions relating to appointment and termination, promotions and salary adjustments, disciplinary action, succession planning and development plans.
• Ensure increasing levels of employee satisfaction and improve the efficiency of manpower.
• Make requisite attempts to handle all grievances raised by subordinates in a prompt and effective manner. Builds knowledge across teams, acquiring and sharing business-critical information and leads on a range of briefings.
• Prepare periodic and ad hoc reports and presentations.
• Document and maintain records of activities and process workflows.
• Adhere to the Company’s policies and health and safety regulations.
• Perform other duties as requested by management.

Qualifications

• Primary Qualification: Post Graduate Diploma in IT (Bachelor Degree + 1 or 2-year diploma) or equivalent degree or Certification with 10 years of experience.

  or

• Alternative: Bachelor’s degree (12th Standard + 3 years or 4 years degree) in IT or equivalent and 3 years of additional experience.

• Certifications required CISA, CISSP, CISM, ISO27001, CEH.
• Linguistic Abilities: English and Arabic is a must.
• Strong leadership skills § Project management skills.
• A strong understanding of the business impact of security tools, technologies, and policies.
• Excellent verbal, written, and interpersonal communication skills § Experience working with legal, audit, and compliance staff.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical, and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Familiarity in application technology security testing and experience in system technology security testing.