Vice President - Information Security

About the Role

The Vice President - Information Security is responsible to define and
implement GEMS Education's information security strategy aligned with existing
local and global Information Security and Data Privacy regulations and best
practices. Additionally, she/he will be responsible to plan and implement
information security and data privacy measures and responses aimed to protect
the GEMS Education network, systems, and data against breach, accidental or
unauthorized damage, modification or disclosure.
The role also will be instrumental in promoting information security and data
privacy awareness to employees by communicating information security and data
privacy policies and procedures on a regular basis and monitoring compliance.
Key Accountabilities:
Strategic
* Lead the development of effective information security and data privacy strategy; monitor its implementation across GEMS Education.
* Lead the development of information security and data privacy policies, procedures, and processes. Establish information security guidelines and standards as per industry best practices.
* Review progress of Information Security against KPIs on a regular basis.
* Lead the efforts towards regulatory compliance to the local Data Protection and Data Privacy laws as applicable to GEMS Education.
* Collaborate with IT teams to review architectural designs, including application security setups and use of the network, and evaluate compliance to applicable security standards in alignment with business objectives.
Operational
* Lead the design, implementation, operation, and maintenance of the Information Security Management System
* Develop information security and data disaster recovery plans to ensure uninterrupted business operations and avoid the loss of sensitive data.
* Oversee the installation of security infrastructures such as firewalls, IDS/IPS, anti-virus and anti-spam applications, and wireless security.
* Develop an information security plan to ensure confidentiality, integrity, availability, accountability, and compliance.
* Lead the identification, investigation, and handling of information security and data privacy violations and incidents (e.g., virus infections, compromised information, data integrity problems) in compliance with approved information security and data privacy procedures.
* Lead information security risk assessments and controls selection activities; recommend mitigation plans as well as improvements when needed.
* Identify and analyze emerging threats to GEMS' information security and develop mitigation plans.
* Promote information security and data privacy awareness to employees by communicating policies and procedures on a regular basis and monitoring adherence to such policies and procedures, standards, and guidelines
* Act as a functional advisor on information security and data privacy matters including routine information security activities and emerging information security risks.
* Oversee monitoring and review of information security and data privacy violations and reports on a regular basis to ensure that these are investigated, escalated to appropriate levels of management as necessary, and corrective actions are taken in a timely manner.
* Ensure the enforcement of information security and data privacy controls.
* Assist in conducting vulnerability assessments, attack and penetration testing, and risk assessments in relation to GEMS' information security infrastructure.
* Ensure high standards of confidentiality and privacy protection to safeguard commercially sensitive information and personal data.
* Lead the development of Information Security Management System (ISMS) as defined by international security frameworks, such as ISO ‎27001
* Oversee the identification of the data protection & privacy regulations in the region and lead the compliance management process.
* Lead the implementation and development of student online safety and awareness program.
People Management
* Supervise the team in their day-to-day tasks and guides them in managing their performance by providing appropriate feedback and counseling.
* Perform periodic performance reviews for direct subordinates based on GEMS Education's Performance Management framework.
* Contribute to the development of employees through identifying appropriate learning and development needs.
Qualifications, Experience & Skills:
* Graduate or Post Graduate Degrees in Information Security, Computer Science, Engineering, or a related technical degree.
* Internationally recognized professional certification e.g. (CISSP, CISA, CISM, ISO ‎27001 (ISMS) Implementer / Lead Auditor, CRISC will be an added advantage)
* At least ‎5 years of experience in a leadership position role managing teams. Preferably as a Head of Information Security.
* Detailed understanding of risk management framework.
About Your Benefits
An attractive remuneration package is on offer to the successful candidate
including tax-free salary, medical cover, tuition fee concessions, annual
leave, and end of service benefits.