Information Security Analyst

Job Description

Roles & Responsibilities

Job Title: Director/VP – Information Security Analyst

Job Summary

The Director/VP of Information Security is a high-level executive responsible for developing, implementing, and maintaining an enterprise-wide cybersecurity strategy that protects the organization’s data, systems, and assets. This role involves working closely with executive leadership, IT teams, legal departments, and external regulators to ensure cybersecurity risk is effectively managed while aligning security initiatives with business objectives. The Director/VP also leads security operations, ensures compliance with regulations, manages security teams, and directs incident response efforts.

Key Responsibilities

Strategic Leadership and Governance

  • Develop and execute a comprehensive cybersecurity strategy aligned with organizational goals.
  • Establish and enforce cybersecurity policies, procedures, and risk management frameworks (NIST, ISO 27001, CIS, etc.).
  • Oversee the development of security programs, including security architecture, vulnerability management, incident response, and data protection.
  • Lead cybersecurity governance committees and report regularly to executive leadership, board members, and stakeholders.
  • Align cybersecurity efforts with business objectives, ensuring security is a business enabler rather than a bottleneck.

Risk Management and Compliance

  • Oversee risk assessment and management programs, identifying, evaluating, and mitigating cybersecurity risks.
  • Ensure compliance with global cybersecurity laws, regulations, and industry standards (GDPR, HIPAA, PCI DSS, SOC 2, CMMC, etc.).
  • Coordinate with legal and compliance teams to ensure regulatory adherence and manage cybersecurity audits.
  • Conduct and oversee cybersecurity maturity assessments and ensure continuous improvement.

Security Operations and Incident Response

  • Supervise Security Operations Center (SOC) teams, ensuring proactive threat detection and response.
  • Develop and oversee the execution of incident response plans, including forensic investigations, crisis management, and post-incident reporting.
  • Ensure the organization is prepared for cyberattacks, ransomware incidents, and insider threats.
  • Lead threat intelligence programs to anticipate, detect, and respond to evolving threats.
  • Collaborate with law enforcement, federal agencies, and third-party vendors on cybersecurity incidents and threat intelligence sharing.

Technology and Security Architecture

  • Design and oversee enterprise security architecture, ensuring a zero-trust approach and strong identity and access management (IAM).
  • Ensure secure cloud environments, leveraging tools like AWS Security Hub, Microsoft Defender for Cloud, and Google Security Command Center.
  • Oversee endpoint security, network security, and application security programs.
  • Implement security automation, AI-driven threat detection, and security orchestration (SOAR) tools.

Budget and Vendor Management

  • Develop and manage the cybersecurity budget, ensuring cost-effective security investments.
  • Evaluate, select, and manage relationships with security vendors and service providers.
  • Oversee third-party risk management, ensuring vendor security aligns with company policies.

Team Leadership and Development

  • Build and lead high-performing security teams, including hiring, training, and mentoring security professionals.
  • Foster a culture of security awareness and accountability across the organization.
  • Develop security training and awareness programs for employees and executives.
  • Provide leadership and guidance to the CISO, security engineers, analysts, and IT staff.

Skills and Knowledge Required

Technical Skills

  • Advanced cybersecurity knowledge, including threat intelligence, penetration testing, incident response, and forensic investigations.
  • Deep expertise in security architecture, cloud security (AWS, Azure, Google Cloud), and network security.
  • Strong understanding of encryption, cryptographic protocols, and secure software development (DevSecOps).
  • Proficiency in security frameworks, compliance standards, and risk management methodologies.
  • Knowledge of cyber resilience strategies, disaster recovery, and business continuity planning.
  • Experience with security automation, AI/ML-driven threat detection, and predictive analytics.

Leadership and Business Skills

  • Executive-level communication and strategic thinking skills.
  • Ability to translate complex security risks into business language for stakeholders.
  • Strong decision-making skills in high-pressure environments.
  • Expertise in budget management and vendor negotiations.
  • Strong ability to build and lead cross-functional teams.
  • Experience with public speaking and thought leadership in cybersecurity.

Educational Qualifications

  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, or Business Administration (MBA preferred).

Professional Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Chief Information Security Officer (CCISO)
  • Certified Information Systems Auditor (CISA)
  • Offensive Security Certified Professional (OSCP) – optional but valuable
  • GIAC Security Leadership Certification (GSLC)

Key Focus Areas

  • Enterprise cybersecurity strategy and governance.
  • Risk management and regulatory compliance.
  • Security operations and threat intelligence.
  • Executive leadership and cybersecurity culture.
  • Technology adoption and security innovation.
  • Incident response and resilience planning.

Experience

  • 10+ years of experience in information security, with at least 5 years in a leadership role.
  • Previous experience as a CISO, Director of Security, or VP of Cybersecurity in a large enterprise.
  • Strong track record in developing security programs, leading cybersecurity initiatives, and handling security crises.

Tools and Equipment

  • Security Information and Event Management (SIEM): Splunk, IBM QRadar, Microsoft Sentinel.
  • Security Orchestration, Automation, and Response (SOAR): Palo Alto Cortex XSOAR, Demisto, Swimlane.
  • Identity and Access Management (IAM): Okta, Microsoft Entra ID, Ping Identity.
  • Endpoint Detection and Response (EDR): CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne.
  • Cloud Security Tools: AWS Security Hub, Azure Defender, Google Security Command Center.
  • Penetration Testing & Forensics: Metasploit, Burp Suite, EnCase, Autopsy, FTK.
  • Risk and Compliance Management Tools: RSA Archer, OneTrust, ServiceNow GRC.

Other Requirements

  • Strong executive presence and ability to influence business leaders.
  • Willingness to travel internationally to oversee security operations.
  • Ability to handle high-pressure crisis situations with confidence.
  • Active participation in cybersecurity conferences, advisory boards, and industry groups (e.g., ISACA, ISC², SANS, Black Hat, RSA Conference).
  • Passion for continuous learning and staying ahead of emerging cyber threats.

Job Detail

  • Work Type: Full Time
  • Languages to be known:
  • Country: United Arab Emirates
  • City: Dubai
  • Job Category: Information Technology