Job Purpose: 1. JOB PURPOSE Plan, develop, implement and manage a
comprehensive corporate, as well as regulated CyberSecurity (CS) Redteam
(ethical hacking) and CyberSecurity Assurance program to ensure the
confidentiality, integrity and availability of information owned, controlled
or processed by or on behalf of the Emirates Group. The role is accountable
for providing end to end CyberSecurity assurance activities across the entire
Group. This includes redteaming, penetration testing and security-by-design as
well as privacy-by-design accountability & oversight within the IT delivery
teams under the Emirates Group. 2. JOB ACCOUNTABILITIES LINKED TO OBJECTIVE
AREAS 1. Drive and own CyberSecurity redteam, penetration testing as well as
CS Assurance activities providing consulting services to all global and local
entities under The Emirates Group including Application Assurance, Web and
Mobile Assurance, Infrastructure Assurance, Compliance Assurance and Program
Assurance. 2. Deliver a global strategy and roadmap to implement skills and
technologies delivering the respective services to The Emirates Group with a
focus on faster identification and remediation throughout the whole Lifecycle.
This part of strategy is a core element of the overall cybersecurity posture
of the group representing the preventive side of the security strategy. 3.
Overall responsibility of implementing and embedding security, privacy and
regulatory compliance by design principles (shifting CyberSecurity left in our
application live cycle) ensuring these fundamental requirements are embedded
into the IT organisation. 4. Provide monthly executive reporting (manage
through data) on the current state of CyberSecurity by design and drive
remediation where required. 5. Provide CyberSecurity consulting to the
business in projects. Articulating and communicating CyberSecurity
concepts/information effectively to senior business stakeholders on all
levels. 6. Take overall responsibility for continuous CyberSecurity Assurance
improvement in IT and the Business through embedding Assurance capabilities
into the Agile Release Trains (ARTS) as well as a delivering on a roadmap to
embed DevSecOps into the Emirates IT Culture to drive the development of
secure systems that protect the Emirates Group from CyberSecurity threats long
term. This role is accountable for the education and continuous upskilling of
business stakeholders (also including IT) and ensuring that CyberSecurity and
Assurance and prevention is part of the Emirates Group culture. 7. Lead,
coach, and mentor the team of high performing CyberSecurity professional's
individuals, providing servant leadership whilst facilitating professional
development and opportunities for growth. Foster a climate of systematically
embedding a culture of security, quality and continuous improvement, ensuring
the customer needs are met and expectations exceeded whilst supporting the
team through continuous, transparency and openness, to grow and maintain trust
with the wider business. Enable optimal, fit for purpose staffing by ensuring
the Group CyberSecurity Assurance team is adequately resourced and kept up to
date with changing standards, technologies and processes. Ensure an
appropriate talent pipeline for these niche skilled resources 8. Build and
deliver a fit for purpose RedTeam capability and drive towards a purpleteam
excercises without losing oversight and governance. 9. Drive industry best
practice research to continuously improve Group CyberSecurity redteam,
pentesting and CS Assurance capabilities. Leadership Role Yes CRITICAL
COMPETENCIES Competencies Level Delivering 4 - Executive Business Thinking 4 -
Executive Developing Talent 3 - Manager Drive 4 - Executive Providing
Direction 4 - Executive Engaging Others 4 - Executive ANNEX I: OBJECTIVES AND
RELATED FINANCIAL DETAILS - Contributory management and influencing to overall
IT run costs of AED 1.7b and yearly investment costs of AED 581m. - This role
is a major driver to reduce the exposure of data breaches that result in
leakage of customer data can result in fine of up to 4% of profits under GDPR.
- This role is ensuring operational availability of Business critical services
(e.g. Airline operational systems or revenue creating booking systems) by
reducing the risk of operational outages driven through denial of services
attacks. This role reports directly to the Group Cyber Security
Qualifications & Experience: MINIMUM
QUALIFICATIONS/EXPERIENCE/KNOWLEDGE/SKILLS Qualifications: In an IT related
specialism Experience: Relevant experience in CyberSecurity and application
security including experience in technology and security leadership experience
of which at least five years should be at a senior level in CyberSecurity
specifically in assurance, pentensting or redteaming functions, within an
operational multinational environment. Relevant experience in building a
security & privacy by design capability within agile delivery teams. Hands-on
experience in a global - complex environment is a plus Redtean lead experience
or penetration testing experience is a plus Knowledge/skills:
Knowledge/understanding of the following: - Software Engineering and Software
Development Lifecycle - Agile Ways of working / process flows - IT Measures
and Metrics (KPIs) - IT Quality Management - Security Incident Response -
Regulatory CyberSecurity & privacy compliance - DevSecOps experience is a plus
- Redteam - Blueteam - Penetration testing
Salary & Benefits: Join us in a management role and enjoy an attractive tax-
free salary. On top of our generous travel benefits, including discounted
flights and hotel stays around the world, this managerial role also has an
excellent leave and healthcare package. That's on top of transport benefits,
life insurance and more.