Information Security Operations Lead
Confidential Company
Posted 9 min ago
Send me Jobs like this
Experience
6 - 10 Years
Job Location
Education
Bachelor or Master in Information Technology(Information Technology), Bachelor of Technology/Engineering
Nationality
Any Nationality
Gender
Any
Benefits
Medical Insurance, Annual Air Ticket
Vacancy
1 Vacancy
Job Description
Roles & Responsibilities
Job Description:
Policy & Compliance – Maintain IT/IS policies aligned with NIST, ISO 27001, UAE CB, and GDPR; ensure audit readiness via periodic reviews.
Risk Management – Lead enterprise risk assessments, maintain a dynamic cybersecurity risk framework, and prioritize remediation by business impact.
Zero Trust & Network Security – Design Zero Trust segmentation, mTLS, NDR, resilient perimeters, and secure remote access to block lateral movement and exfiltration.
VAPT – Plan VAPT across OS, AI, cloud, apps, network, and mobile; track remediation, coordinate external pen tests, and integrate findings into VM.
Cloud & Container Security – Embed DAST/SAST, container scanning, and SCA into CI/CD; enforce IaC scanning, image signing, runtime protections, CIS hardening, secrets management, and runtime containment (AWS/Azure/GCP).
Endpoint & Identity Protection – Operate EDR/XDR, secure boot, immutable images, automated patching, PAM with JIT elevation, HSM encryption, tokenization, ephemeral DB credentials, DLP, and data classification with retention/disposal.
Key Responsibilities:
Security Ops & Third-Party Governance – Run SIEM/MDR, SOAR, threat hunting, incident response with lessons learned; manage vendor due diligence, attestations, PIAs, and act as primary liaison for audits/regulators.
Maintain IT/IS policies aligned with NIST, ISO 27001, UAE CB, and PCI DSS; conduct periodic reviews.
Participate enterprise risk assessments and maintain a dynamic Cybersecurity Risk Management Framework.
Design and operate Zero Trust segmentation, mTLS, NDR, resilient perimeters, and secure remote access.
Plan and oversee VAPT across all environments (OS, AI, cloud, apps, network, mobile); manage remediation tracking.
Secure cloud/container environments (AWS/Azure/GCP) by embedding SAST/DAST, container scanning, SCA, IaC scanning, and runtime protections.
Operate and review security controls including SIEM, EDR, Email Security Gateway, WAF, Antivirus; conduct regular security reviews to assess effectiveness.
Desired Candidate Profile
Domain Expertise
Regulatory compliance (NIST, ISO 27001, UAE CB) + Enterprise risk assessment
Zero Trust architecture + Network security (mTLS, NDR, segmentation) + Secure remote access
VAPT (OS, AI, cloud, apps, network, mobile) + Cloud/container security (AWS/Azure/GCP) + CI/CD security (SAST/DAST/SCA/IaC)
IAM + PAM + Patch Management + DLP + Endpoint protection (EDR/XDR, Antivirus)
Security operations (SIEM, SOAR, threat hunting, incident response) + Security controls review (WAF, Email Gateway, EDR, Antivirus) + Third-party governance and Dark web monitoring
Education: Bachelor or Master in Information Technology
Experience: 6–10 years in Banking/Fintech
Certifications: CISA, ISO 27001, CEH, Risk management or CISSP, CISM).
Employment Type
- Full Time
Company Industry
Department / Functional Area
Keywords
- NIST
- ISO 27001
- Risk Assessment
- Network Security
- VAPT
- Cloud Security
- CI/CD Security
- Patch Management
- EDR/XDR
- SIEM
- WAF
- Incident Response
- TPRM
Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com
Confidential Company