Senior IT Security Auditor - DP World, Dubai
Job Description
Job Purpose
To perform IT Security, Cyber security and IT audits at any DPW group location, either independently or as part of a team, to assess the adequacy of IT and IT Security (including Cyber) control procedures in line with OWASP, NIST, COBIT (and Security), ISO27001 and DPW HO IT policies.
To produce effective and accurate IT security audit findings and recommendations to remediate the control weaknesses and improve the overall maturity of the control processes
To focus on IT Security, Cyber and technical IT Audits – conduct security audits on all IT infrastructure, systems, Operational technology and IoT, including but not limited to network, databases, applications, hack / penetration tests, data loss prevention, cloud systems.
Key Accountabilities
To plan and conduct IT and Cyber security assessments and audits for all DP World BUs and IT products, define audit scope, and report findings in a concise, easily understood manner. Customise the scope of each audit after evaluating key IT Security and Cyber risks prevalent in the industry, IT landscape and across the group, along with the Manager IT Security Audit and Head of Tech Audit.
The auditor will support and enforce security controls in alignment with the established Security policies, guidelines and leading best practices. The auditor will also be aware of business needs and will work to maintain presence of security controls throughout the DP World group
Executing on various IT and IS audits, particularly within the CyberSec and Cloud Tech space
Develop, execute and maintain comprehensive IT security testing and audit work programs.
Clearly document and advise all findings and recommendations to Head of Tech Audit and to business unit management as necessary.
Work with GIA IT Security Audit team to define and document IT Security controls baseline for DPW.
Follow up on O/S Audit Issues with business units twice per annum and provide status data on Open/Closed issues to IA Manager/Deputy/CIA as required
Keep up to date with the IT industry trends and advancements by investing in self-learning and being an active member and contributor at IT/ Cyber Security related organizations such as Cloud Alliance, SANS Security, OWASP, ISACA, ISC2, IT security forums, Cyber Security groups, Seminars – IT Security – threats and controls, Emerging IT, Security and Cyber Risks.
Support the Head of Tech Audit and other GIA members on non-audit related projects and initiatives.
Accumulate and Share good practices within the DPW terminal portfolio and external entities.
Develop and maintain professional relationship with auditees’ IT teams to create an expert network, leverage the global expert network, promote synergy within various DPW IT departments
Other
Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Founder’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies
Perform other related duties as assigned
Qualifications, Experience and Skills
Knowledge & Experience
Good technical experience with technology infrastructure risk and controls, Network, O/S (Windows or Linux/Unix), Cloud, Database, Mainframe, and/or Middleware security control reviews
Knowledge of cybersecurity controls, infrastructure technology, technology governance and assessments, Cryptography, OSI model, Security architectures, ethical hacking / cyber security tools and toolsets e.g. Kali, Backtrack, Nethunter
Strong knowledge of the application development life cycle (SDLC), Agile, DevOps and CI/CD, with concepts of GitHub, Artifactory, Jenkins, micro-services, infrastructure as code etc.
Experience with scripting tools on Windows and Linux (e.g. PowerShell, Python, Ruby, etc.)
Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, Core Impact, Burp Suite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP WebInspect etc.
Experience in using Virtualization solutions such as VMware, Hyper-V etc.
Strong knowledge of Cloud platforms and technologies – Docker, containers, Kubernetes, IaaS/PaaS/CaaS/SaaS.
2+ years of work experience within (or dealing with) a Security Operations Centre (SOC)
Industry experience in IT e.g. OS administration, network administration, firewall configurations and controls, IT security implementation, etc. is beneficial.
Sound understanding of traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
Sound understanding of Endpoint Detection and Response techniques and tools such as Carbon Black, Palo Alto Cortex, Checkpoint etc.
Skills
Strong organizational, time management, decision making, and problem-solving skills
Experience performing audits or assessments of information security programs, processes and controls is a plus
Strong analytical and problem-solving skills in order to identify process improvement opportunities and potential solutions to operational issues.
Strong communication and presentation skills (verbal and written); must be able to communicate effectively with individuals at multiple levels and backgrounds across various business units, functions and regions within the company (including senior management).
Strong project management, communication, collaboration, problem resolution and stakeholder management.
Independently plan and complete work seeking guidance from Head of Tech Audit as needed.
Consistently document relevant facts and information which support the work performed and effectively evaluate audit results, weighing the relevancy, accuracy, and perspective of conclusions against the accumulated audit evidence.
Work with Group and Regional IT departments to promote best practice, IT policy compliance and consistent products and practice.
Qualifications
Bachelor's Degree (B.A., B.S.), or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems, or related curriculum; 8 years' experience in the field or in a related area
Good communicator with analytical and problem solving skills, good commercial acumen and ability to work closely with people at all levels of the organisation and facilitate the implementation of corrective action
Proficiency in languages, e.g. Arabic, French, Spanish, Cantonese, Mandarin, Tagalog, is an advantage
Ability to work as a team player with flexible hours often in split environments.
3-4 years of relevant general Information Technology experience desired
Min. 2 Security industry relevant certifications such as CISA, CIA, ISO 27001 Lead Auditor, CISM, CISSP, NIST CSF, HISP, CSX, GIAC, MCSE/MCSA, CCNA, CCNP, CompTIA Security+, GSEC, GISF, CEH.
Able to travel between 50% and 70% of the time to locations around the world