The Cybersecurity and Data Protection Officer’s role is to ensure the secure operation of on-premise and hosted computer systems, servers, and network connections. This includes checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, and troubleshooting. The incumbent will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required, work with cloud vendors and evaluate their security practices, and ensure Amideast’s compliance with required cybersecurity standards.

RESPONSIBILITIES:

• Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices
• Implement, maintain, and monitor security compliance such as ISO, NIST, and SOC
• Design and advise on the implementation of disaster recovery plan for operating systems, databases, networks, servers, and software applications
• Design and implement incident response plans based on filed office laws and regulations
• Design, implement, and monitor data protection policies and procedures
• Assess need for any security reconfigurations and execute them if required
• Conduct email phish-hunting and submit malicious senders for blocking through anti-phishing policy
• Execute Amideast’s security awareness program and report on user compliance.
• Keep current with emerging security alerts and issues
• Conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts
• Interact and negotiate with vendors, outsourcers, and contractors to obtain protection services and products
• Recommend, schedule, and perform security improvements, upgrades, and/or purchases
• Participate in deploying, managing, and maintaining all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software
• Guide connection security for local area networks, Company website, Company intranet, and e-mail communications
• Guide the security of Amideast databases and data transferred both internally and externally
• Design, perform, and/or oversee penetration testing of all systems to identify system vulnerabilities
• Design, implement, and report on security system and end user activity audits
• Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution
• Recommend, schedule (where appropriate), and apply fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach
• Evaluate new security software and/or technologies
• Provide on-call security support to end-users

QUALIFICATIONS AND SKILLS:

Required

• College diploma or university degree in the field of computer science with focus on Cybersecurity and 5 years equivalent work experience.
• One or more of the following certifications:
• Certified Ethical Hacker (CEH)
• GIAC Security Essentials Certification
• GIAC Certified Enterprise Defender
• ISACA Certified Information Security Manager
• Microsoft Certified Systems Engineer: Security
• (ISC)2 SCCP
• (ISC)2 CISSP
• (ISC)2 ISSAP
• Knowledge of regulatory requirements and industry standards, such as GDPR, HIPAA, NIST, and ISO 27001
• Hands-on experience implementing at least one security standard compliance for an organization and leading the certification process
• Knowledge of applicable practices and laws relating to data privacy and protection and working experience implementing at least one privacy standard
• Knowledge of law enforcement practices and procedures in the US and the MENA region
• Intuition and keen instincts to preempt attacks
• Strong practical experience conducting penetration testing and vulnerability assessments
• High level of analytical and problem-solving abilities
• Ability to conduct research into security issues and products as required
• Broad hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices
• In-depth technical knowledge of network, PC, and Microsoft and Linux operating systems
• Working technical knowledge Microsoft Cloud Security Portal for Office365.
• Working technical knowledge of current systems software, protocols, and standards
• Strong knowledge of TCP/IP and network administration/protocols
• Hands-on experience with devices such as hubs, switches, and routers
• Strong interpersonal and oral communication skills
• Highly self-motivated and directed
• Strong organizational skills
• Excellent attention to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Able to work in a team-oriented, collaborative environment

Preferred

• Fluency in Arabic and/or French languages

WORK ENVIRONMENT:

The incumbent in this position will work primarily from home. Professional office space can be made available when requested and depending on space availability. The incumbent will utilize the following equipment:

• Computer (laptop or desktop)
• Printer/Photocopier/Scanner/Fax
• Telephone

This position requires a non-standard work schedule aligned with U.S. Eastern Time. Typical hours involve a later start and extended evening availability to meet business needs.

Up to 5% business travel may be needed to support business initiatives as needed.

The physical demands and work environment that have been described is representative of those an employee encounters while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

This position description is an overview of the major functions and requirements of this position. This document is not intended to be an exhaustive list encompassing every duty and requirement of the position; the Employee’s supervisor may assign other duties as related or as otherwise deemed appropriate and necessary within the general scope, without the need for additional compensation.

Amideast is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Positions that involve interaction with children will be required to read, acknowledge, and comply with and attend special training in accordance with the Child Protection and Safeguarding policy. All Amideast representatives must comply with the Code of Conduct and all applicable organizational policies.