Application Security Administrator

Job Purpose

 The primary function of the Applications Security Admin role is to develop and implement a comprehensive information security program on all company’s applications. This includes defining security policies, processes and standards. The Applications Security Admin Safeguards information system assets by identifying and solving potential and actual security problems

Principal Accountabilities

  Works with Rawabi's business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:

 Business system analysis.

 Communication, facilitation and consensus building.

 Assists in the coordination and completion of information security operations documentation.

 Develop strategies and plans to enforce security requirements and address identified risks.

 Reports to Rawabi's management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

 Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.

 Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.

 Works with Rawabi's IT department and members of the information security team to identify, select and implement technical controls.

 Develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.

 Advises security administrators on normal and exception-based processing of security authorization requests.

 Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments.

Penetration Testing and Vulnerability Assessments

 Develops a common set of security tools. Defines operational parameters for their use, and conducts reviews of tool output.

 Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.

 Defines testing criteria for systems and applications.

 Is the primary individual responsible for the execution of risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.

Definition and Implementation of Controls

 Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.

 Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.

Incident Detection and Response

 Provides second- and third-level support and analysis during and after a security incident.

 Assists security administrators and IT staff in the resolution of reported security incidents.

 Participates in security investigations and compliance reviews, as requested by internal or external auditors.

 Acts as a liaison between incident response leads and subject matter experts.

 Monitors daily or weekly reports and security logs for unusual events.

Audit Support

 Manages relationship with the audit group. Receives audit findings, and manages the collection of responses and remediation plans with owners.

 Works within the information security governance process to define control recommendations that are both efficient and effective.

 Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes.

 Supports e-discovery processes to include identification, collection, preservation and processing of relevant data.

Information Security Architecture

 Assists in the development of security architecture and security policies, principles and standards.

 Participates in the enterprise architecture (EA) community, and provides strategic guidance during the EA process.

 Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.

 Researches and assesses new threats and security alerts, and recommends remedial actions.

 Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.

3. Health & Safety Responsibilities

 Complies with established health and safety guidelines and procedures and ensures the health, safety and welfare of self and others

 Identifies and reports to management any Health, Safety or Environmental risks and makes suggestions to address these risks and co-operate with his/her supervisor’s instructions.

4. Communications and Working Relationships

 Participates as an active member in the strategic planning process of the ERP systems across the organization.

 Develops communication plans; work closely with business process stakeholders to define training and post-installation support requirements.

 Interacts with external suppliers of Oracle ERP System and database administration services.

 Interfaces with the other IT team members, and provides them with support when needed.

 Interacts with and update Business Applications Manager all Oracle ERP Project related issues and concerns.

Qualifications

5. Knowledge, Skills, Experience and Qualifications

 Bachelors and/or Master’s Degree.

 4-6 years of experience in a similar position, with experience in designing, developing, testing, implementing, supporting and providing security solutions.

 Certified Application Security Specialist (CASS)

 In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.

 Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

 Experience in developing, documenting and maintaining security policies, processes, procedures and standards.

 Experience with common information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST)] frameworks.

 Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation.

 In-depth knowledge of risk assessment methods and technologies.

 Proficiency in performing risk, business impact, control and vulnerability assessments.

 Strong understanding of business applications, including ERP and financial systems.

 Excellent technical knowledge of mainstream operating systems [Microsoft Windows or/and Oracle Solaris] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

 Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.

 Audit, compliance or governance experience is preferred.

 Excellent verbal and written communication skills. Ability to work as part of a team or independently.

6. Physical Requirements of the Job - If Applicable

 The job of the Application Security Administrator do not require local or international travel