JOB PURPOSE
To manage Information Security activities and ITSM processes related to Airport IT Operations. To ensure Security, Quality, and Compliance of Systems, Services, and Processes. To ensure IT Process Alignment with Business and Stakeholder Requirements.
To manage Information Security activities and the governance of Information Technology Services processes relating to IT Operations, to ensure that the confidentiality, integrity, and availability of systems, services, and associated information are in tune with business and stakeholders' needs and adhere to regulatory and statutory requirements.
ORGANISATION CHART
Head of IT Operations
KEY ACCOUNTABILITIES
Strategy and Governance
- Reduce the gap between current state and desired state to an acceptable level of risk.
- Roll out corporate initiatives as per corporate guidelines.
- Propose, review, and recommend cost-effective solutions.
- Design and review Security Architecture.
- Design and review Security Performance metrics.
- Review Policy effectiveness.
Key Performance Indicators:
- Number of Reviews.
- Number of Architectural Changes.
Information Risk Management
- Asset Classification.
- Business Impact Assessments.
- Threat and Vulnerability evaluations.
- Risk Assessment and Risk Management.
- Evaluate information security controls and countermeasures.
- Integrate risk, threat, and vulnerability identification and management into the information management life cycle.
- Vulnerabilities Management.
- Formulate and review Risk Acceptance Criteria.
Key Performance Indicators:
- Number of Risks Identified/Mitigated.
- Number of Critical Incidents.
Information Security Program Development and Management
- Identify and evaluate information security technologies and emerging trends.
- Align information security architectures with changing business needs.
- Develop information security standards, procedures, and guidelines.
- Implement and communicate information security policies, standards, procedures, and guidelines.
- Design controls and review controls effectiveness.
- Ensure information security requirements are embedded into contracts and third-party management processes.
- Design, implement, and report security metrics for testing the effectiveness and applicability of information security controls.
Key Performance Indicators:
- Number of deviations from Policy.
- Percentage compliance.
Information Security Incident Management
- Manage Security Operations Center.
- Escalate unresolved issues.
- Schedule and conduct Vulnerability, Penetration, and Configuration tests, report findings, and track findings to closure.
- Evaluate incident and problem-related security incidents.
- Security Log alerts review.
- Coordinate forensics and analysis with vendors SLA.
Key Performance Indicators:
- Percentage of Critical Incidents.
- Impact on CIA (Confidentiality, Integrity, Availability).
IT Service Delivery and Support
- Implement Plan, Do, Check, and Act management system.
- Design ITIL-compliant processes and procedures.
- Roll out ITIL-compliant processes and procedures.
- Design of Metrics and KPIs.
- Design of SLAs.
- Support IT services in floating RFPs and proposals.
- Review effectiveness of Metrics and KPIs.
- Awareness and Training.
- Customer Satisfaction Surveys.
- IT Services Complaints Management.
- Vendor and Supplier Performance Feedback.
- Configuration Audits.
Key Performance Indicators:
- Number of Service Improvements.
- Percentage Backlogs (Problem/Change).
- Adherence to BCP (Business Continuity Plan).
IS / IT Audit Process Management
- ISO 20000/27001 compliance.
- Schedule internal and external audits.
- Internal auditor/management representative.
- Review audit findings.
- Conduct management review meetings.
- Corrective and preventive actions.
- Improve management systems.
Key Performance Indicators:
- Number of NCs (Non-conformities).
EXTERNAL INTERACTIONS
Concessionaires/Regulatory Agencies/Airlines: Information Security approvals for new service requests, Non-disclosure Agreements (NDAs), MDI Acceptance and awareness on Information Security Policy, Regulatory and Legal Compliance, Data Privacy and Protections, Incidents/Breaches, Quality Assurance.
Vendors: Information Security Policy Compliance, Physical and Environmental controls in the use of facilities, Review of Incidents/Breaches, Regulatory and Legal Compliance, Contracts and Procurement Info Security Guidelines, Upgrades/Releases/Patches, Security Bulletins, Awareness and Training, Vulnerability and Security Assessment tailored to business needs, SLA Reviews, Audits, Event and Log Correlation, Quality Assurance.
Implementation Partners (Dubai Technology Partners, TCL, TTSL, BSNL, Pathfinder, IBM, KRONOS): Review for security policy compliance with Data and Privacy regulations, Quality Assurance.
OEMs (UFIS, RESA, IER, SAFEGATE, BOSE, SIEMENS COMMUNICATION, SITA): Performance Review, SLA Review, Incidents and Problem Review, Legal and Regulatory Compliance, Security Policy Compliance, Quality Assurance.
INTERNAL INTERACTIONS
Business Units: Aligning Business Requirements with security policy, Awareness Programs, Compliance and Regulatory Requirements, Contractual Requirements.
Human Resources: Pre-entry, entry and exit, Physical and Environmental Requirements, Business Continuity Tests, Access Controls, Quality Assurance.
Joint Venture Partners (HMACPL, HDFRL, NOVOTEL, FUEL FARM): Security policy alignment with business requirements, Security Awareness, Regulatory and Legal Compliance, SLA Reviews, Quality Assurance.
GHIAL Employees: Policy awareness, Policies compliance, Trainings, Incident Reporting and Management, Quality Assurance.
DIAL IT & Corporate IT: Share best practices.
CISO: Ensure corporate requirements are rolled out to business units (GHIAL), Review technological and business unit security requirements, Quality Assurance.
FINANCIAL DIMENSIONS
- OPEX AOP SIEM Log monitoring and Compliance.
- Cost optimization and Revenue maximization assurance activities.
OTHER DIMENSIONS
Team Size: 1
Customers: 130
End Users: 1000+ (staff across HIAL, GADL & other companies inside the campus using IT services)
EDUCATION QUALIFICATIONS
- Required: B.E (Computers / Electronics / IT)
- Required: Postgraduate in Computer/IT
- Required: CRISC (Certified in Risk and Information Systems Control) or CISA or CISM
- Desirable: MBA
RELEVANT EXPERIENCE
- Minimum 9-11 years in IT with at least 8 years in Information Security, Quality, and Assurance functions.
COMPETENCIES
- Personal Effectiveness
- Social Awareness
- Entrepreneurship
- Problem Solving & Analytical Thinking
- Planning & Decision Making
- Capability Building
- Strategic Orientation
- Stakeholder Focus
- Networking
- Execution & Results
- Teamwork & Interpersonal Influence