Job description
About Vista
Vista Global Holding provides worldwide business flight services. A global group headquartered at the DIFC in Dubai, Vista Global integrates a unique portfolio of companies offering asset-light services to cover all key aspects of business aviation: guaranteed and On Demand global flight coverage; aircraft leasing and finance; and cutting-edge aviation technology.
ESSENTIAL FUNCTIONS include the following but are not limited to:
- Perform hands-on gap analysis to identify information security risks on systems.
- Assess the effectives of security measures and solutions currently in place and suggest ways to enhance the security posture.
- Prepare Monthly Security Reports for management which include KPOs, KPIs, and recommendations.
- Document security related incidents and identify cause and effect.
- Create formal reports of security related incidents.
- Implement internal and external security audits.
- Implement penetration tests.
- Ensure that that third-party vendors meet the desirable security standards.
- Identify potential risks on IT systems and follow through the Risk Process to resolution.
- Assist in creating and maintaining security strategy.
- Respond and investigate queries from staff on issues relating to Information Security.
- Respond to wider Information Security incidents if and when they occur.
- Work with the business to ensure alignment with the security roadmap.
- Manage and maintain Information Security Policies.
- Champion Information Security across all functions of Vista.
- Other related duties as assigned.
- 3+ years' experience in an Information Security Analyst role
- Deep understanding of common Information Security frameworks (NIST, ISO27001, SOC2, CIS).
- Hands on experience with Vulnerability Assessment and Vulnerability Management.
- Strong working experience with securing Cloud deployments including PAAS, IAAS and SAAS
- Experience with penetration testing and managing external penetration testers.
- Able to work with IT Risk Management processes.
- Experience with collecting, analyzing and reporting data of security incidents (IT Systems Forensics).
- Able to identify security risks through correlation of information.
- Ability in creating detailed reports on security incidents.
- Hands on experience with SIEM tools.
- Knowledge of EDR, MDR and XDR solution and their principals.
- Experience with IT Incident Response.
- Proven record in designing security solutions for a variety of systems and environments.
- Familiarity with Social Engineer techniques and principles.
- Understanding of Data Compliance (GDPR)
- Good understanding of IT Infrastructure and Networking (Cloud and On-Premises).
- Good understanding of Secure Software Development Lifecycle.
- Excellent analytical, communication (written and oral), and interpersonal skills
- A keen interest in Information Security.
- Experience with Identity Provider (IDP) solutions.
- Good understanding of Security Architecture
- Familiar with Cyber Threat Intelligence (CTI) principles.
- Has worked before in the aviation sector.
- Information Security, Cyber Security or related Information Technology Degree.
- Information and/or Cyber Security certifications (CISSP, CEH, CRISC, CISA, ECSA, NIST, SOC2, Cloud Security related, CySA+, Security+ etc.)
PHYSICAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION:
The physical demands described here are representative of those that must be met by an employee to perform the essential functions of this job successfully. While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to sit; stand; walk; use hands to finger, handle or feel, and reach with hands and arms; move about the facility. Some light physical effort is required. Must be able to work well under pressure.