Position Title: Manager Cybersecurity

About Etisalat

Etisalat Afghanistan is 100% owned subsidiary of Etisalat UAE. Etisalat is one of the largest telecommunications companies in the world

Job Responsibility

Responsibilities
The Cyber Security Manager develops strategic and tactical plans for Cybersecurity Governance department and manage the IT risk management activities and initiates. He/She establishes the governance framework for information security to provide assurance that information security strategies are consistent with EA information security policies, applicable laws and regulations. He/She identifies key security initiatives and programs through a risk-based approach. He/She communicates new security initiatives and manage the Cybersecurity budget to ensure alignment with business requirements and objectives.
The Cybersecurity Manager monitors and reports the performance of the Cybersecurity program to EA management and advises management on the impact of the organization’s key risks with the required mitigation strategies and controls.

• Serve as a technical subject matter expert throughout the implementation and maintenance of security infrastructure and solutions; define and oversee the documentation of detailed standards (e.g., guidelines, processes, procedures)
• Oversee the modernization of cybersecurity architecture and recommend best practices.
• Analyze and correlate information security events to identify appropriate mitigation strategies.
• Assess the effectiveness of the information security measures against the organizational KPI/KRIs.
• Execute IT Risk assessment activities for identification, assessment, mitigation, and monitoring of risks.
• Collaborate with other Head of Departments for timely identification and management of risks.
• Standardize and Enforce Cybersecurity Policies, Baselines and Standards.
• Establish a standard methodology for performing security tests in accordance with Etisalat Afghanistan’s security requirements.
• Advanced understanding of ISO 27001 and NIST Framework Required for assessment and implementation of security controls.
• Establish procedures and processes, tools and technologies to continuously monitor the activities and behaviors of systems in the network.
• Develop and implement audit activities to provide oversight of internal compliance with information security policies and procedures and make recommendations to effect change when necessary.
• Analyze reports generated by the monitoring system to identify trends that might indicate a future risk.
• Provide oversight of third-party vendors to ensure compliance with information security standards and requirements.
• Review agreements and contracts for alignment and enforcement of information security requirements.
• Work closely with other teams to ensure proper execution, alignment, and effectiveness of security initiatives.
• Identify threats and risks that are relevant to organization’s operations, systems, and strategic activities.
• Monitor the effectiveness of action plans in addressing information risks.
• Prepare information security performance report based on results from analysis and correlation of information security events and incidents.
• Recommend suitable enhancements to improve information security KPIs and KRIs.
• Review business and security environment to identify existing security requirements.
• Review security policies, standards, and procedures by considering the threats identified and other information collected.
• Test incident response plans periodically to ensure response times and executed procedures are acceptable.
• Plan and Execute Cybersecurity awareness program.
• Design, build, and maintain a robust and leading security infrastructure.