Every employee at Al Rostamani Group plays a role in making a real difference to the business and our customers. We care for our employees by offering them meaningful and purposeful work and an opportunity to grow, learn, contribute and succeed. Today, the Al Rostamani Group has come a long way since its birth in 1957. Our group has grown steadfastly with the guiding principles of Commitment, Care & Vision, alongside a strong sense of active involvement in the community. We are a well-diversified group, with a key presence in industries such as General Trading, Automobiles and Heavy Equipment, Travel, Foreign Exchange, Financial Services, Property Management, Construction, Infrastructure Development and Information Technology Services. Our Group employs approximately 2000 people from 41 different nationalities, which contributes to our multicultural and multi-national environment.

QUALIFICATIONS

• Bachelor’s degree or higher in a relevant field.
• Security certifications such as Certified Ethical Hacker (CEH) or CompTIA Security+ are preferred.

EXPERIENCE

• Proven experience (typically 3+ years) in information security.

KNOWLEDGE AND SKILLS

• Strong knowledge of cloud security, cybersecurity frameworks, standards, and best practices.
• Strong understanding of IT governance frameworks, regulatory requirements, and industry standards
• Excellent communication and interpersonal skills.
• Demonstrated ability to influence and collaborate with cross-functional teams.
• In-depth understanding of risk management, compliance, and governance principles

Experience in managing data protection mechanisms, preferably on cloud platforms like Microsoft Purview.

• Knowledge of the Microsoft Defender Suite and the Identity and Access Management suite.
• Understanding security solutions such as NAC, PAM, EDR, DLP, SIEM, SOAR, and NDR.
• Knowledge of security configurations in cloud platforms, e.g., AWS, Azure, and Microsoft 365.

At Al Rostamani Group, we seek talented people who work hard to achieve great things. We consider not only your skills and experience, but also your passion for the role, your desire to learn and how well you align with our core values of care, commitment and vision. If this position represents an opportunity you wish to pursue, we invite you to apply.

JOB PURPOSE

The Information Security Analyst is a key technical role responsible for protecting the organisation’s digital information assets. This position is critical in identifying and mitigating security threats, ensuring adherence to security policies and regulations, and maintaining a resilient cybersecurity infrastructure. The analyst will work closely with the IT Security & Governance Manager, the Group Information Technology and various departments to implement security measures, monitor network activity for potential threats, and respond to security incidents. Additionally, they will assist in developing security protocols, conduct regular security assessments, and provide recommendations to enhance the organisation’s security posture.
The Analyst will collaborate with cross-functional teams, provide insights to senior management, and foster a culture of security awareness throughout the organisation.

TECHNICAL RESPONSIBILITIES

• Vulnerability Assessment and Penetration Testing: Conduct comprehensive VA/PT across IT infrastructure, including servers, web applications, APIs, and mobile applications.
• Security Incident Response: Investigate and respond to security incidents, including preparing incident reports and documentation.
• Security Configuration Management: Monitor and maintain security configurations in cloud platforms (AWS, Azure, Microsoft 365) and administer technical controls like firewalls, WAF, NAC, PAM, etc.
• Secure Coding Practices: Identify vulnerabilities in application code and provide technical guidance to development teams on secure coding practices.
• Data Protection Tools Management: Monitor and maintain data protection tools such as DLP, Data Classification, Email Gateways, SWG, EDR, MDM, and SOC dashboards.
• Technical Due Diligence: Conduct technical due diligence on new applications, assessing their architecture, performance, scalability, and compliance with security standards.
• Security Technology Research: Actively research, evaluate, and drive next-generation security technologies and solutions to meet organizational requirements.
• Network Traffic Analysis: Analyse network traffic, intrusion attempts, activity logs, and system alerts for trends, anomalies, and potential security breaches.

BUSINESS RESPONSIBILITIES

• Audit Coordination and Remediation: Support the coordination of internal and external audits, track security audit findings, and report remediation efforts.
• Governance Policy Management: Support the development, maintenance, and regular review of governance policies, procedures, and frameworks.
• Security Training and Awareness: Assist in developing and delivering security training programs and awareness campaigns for employees.
• Compliance Monitoring: Monitor adherence to IT and security governance frameworks and recommend improvements.
• Vendor Liaison: Liaise with vendors for POCs and demos of new IT security requirements.
• Security Requirements Analysis: Analyse business requirements and provide objective advice on IT security needs.
• Employee Support: Address employee concerns or questions on various aspects of security and compliance and gather feedback to improve systems.