The Information Security Manager is responsible for protecting the university’s computers, servers, network, applications, and data against information security threats, such as security breaches, computer viruses, cyber-attacks, etc. Suggests strategies, approaches, and tools necessary to ensure the confidentiality, integrity, and availability of university electronic data.
Main roles & responsibilities
- Develop and direct the implementation of information security standards and best practices.
- Continuously review, implement and maintain effective security policies, procedures, and practices.
- Develop and assure the implementation of different types of internal AI & Technology division (AIT) audits and assessment activities to ensure continuous improvement within AIT.
- Regularly review AIT compliance with relevant information security policies, procedures, laws, and regulations, and alert Vice Chancellor for AIT (VCAIT) to any non-compliance findings together with the recommended action plans.
- Analyze information security logs for security violations and anomalies, collect incident responses, and carry out forensic investigations when required.
- Conduct penetration testing activities including network penetration testing, web application penetration testing, wireless penetration testing, and communicate the findings with the mitigation procedures to VCAIT.
- Ensure proper protective and/or corrective measures are taken when an information security incident or vulnerability is discovered within a system or application.
- Implement controls for the execution of risk treatment plans and updates the risk register.
- Ensure the AIT continued compliance and certification for ISO 27001. Be the focal point for AIT for internal and external audits.
- Perform information security-related awareness sessions for university stakeholders, as necessary.
Required qualification & skills
- 5 years of relevant IT experience including 3 years of experience in a management position.
- Bachelor’s degree in computer science or computer engineering from an accredited university. Master’s degree is an advantage.
- Information security certificates (CISSP and CISM).
- AWS native services, especially as related to security and infrastructure.
- Network technologies (protocols, design concepts, access control).
- Security technologies (encryption, data protection, design, privilege access).
- Information security standards and frameworks such as ISMS.
- Interpersonal and communication skills .
- Ability to work effectively with a wide range of constituencies in a diverse community.
- Analytical and problem-solving abilities to identify and fix security risks.
- Ability to lead and execute an audit throughout the end to end process.
- Ability to plan, organize, lead and control.
- Ability to deal with complex issues.
- Ability to gather data, compile information and prepare reports.
- Ability to develop, plan, and implement short- and long-range goals.
- Excellent communication skills in English language; Arabic language is an advantage.