Head of Cyber Security
Dubaï, AE, 114190
The Head of Cyber Security leads Keolis-MHI’s (KM) enterprise-wide information security and cybersecurity management program, ensuring the comprehensive protection of both IT (Information Technology) and Rail OT (Operational Technology) environments. This role encompasses implementing, maintaining, and continually improving the ISO 27001:2022 standard while ensuring compliance with data privacy regulations, notably UAE Law No. 45 of 2021. A key focus is bridging IT and Rail OT cybersecurity to safeguard the critical infrastructure of RTA Dubai Metro and Dubai Tram. The Head of Cyber Security ensures the CSMP functions as a strategic framework for defining, prioritizing, and aligning cybersecurity initiatives with organizational and regulatory objectives, fostering a proactive security culture across KM’s operations.
KEY RESPONSIBILITIES
Strategic
- Enhance and oversee the implementation of the information security management framework, incorporating ISO 27001:2022 standards, data protection regulations, and GRC principles, while aligning Rail OT and IT security strategies with KM's organizational goals.
- Collaborate with leadership to develop and maintain a comprehensive cybersecurity and data privacy roadmap that supports KM's strategic goals and ensures regulatory compliance.
- Lead the implementation, maintenance, and continual improvement of the ISO 27001:2022 standard within the Dubai Metro Business ICT environment; this involves defining and managing the information security management system (ISMS) processes in alignment with business objectives to ensure the confidentiality, integrity, and availability of information assets.
- Ensure KM's compliance with UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data. Serve as the primary point of contact for data protection matters, evaluating and enhancing the data protection framework to maintain robust privacy practices across all operations.
- Provide guidance on data protection compliance, ensuring alignment with local and international regulations, and fostering a culture of data privacy within the organization.
- Oversee the effective utilization of Nozomi Networks IDS and the ELK Stack-based SIEM for proactive monitoring and threat detection in Rail OT systems.
- Collaborate with the SECOPS Team to ensure alignment of maintenance-related cybersecurity tasks with organizational goals and the Maintenance Plan Table (MPT).
- Ensure the integration of CSMP activities into the organization’s broader information security framework and oversee their effective execution to align with RTA’s objectives and compliance requirements.
- Regularly review progress on CSMP initiatives, identify potential gaps, and implement corrective actions to ensure objectives are achieved within agreed timelines.
- Continuously review and align the CSMP objectives with emerging cybersecurity trends, technological advancements, organizational changes, and evolving RTA regulations to maintain a forward-looking security strategy.
Financial
- Manage and optimize information security, cybersecurity, data protection, and GRC budgets, ensuring cost-effectiveness and alignment with KM's financial strategies.
- Lead financial planning and resource allocation for cybersecurity, data protection, and GRC initiatives, ensuring adequate investments in IT and Rail OT-specific projects, ISO 27001:2022 certification maintenance, and compliance with data privacy laws.
- Define, review, and manage the cybersecurity budget for conducting Vulnerability Assessments (VA), Penetration Tests (PT), Privacy Impact Assessments (PIA), and other cybersecurity activities (including threat intelligence, incident response, and consultancy services) with the support of the KM Finance Business Partner team.
Stakeholder / Customer
- Act as the primary cybersecurity liaison, DPO, and GRC leader, fostering strong relationships with internal teams, RTA, and external stakeholders. Provide expert guidance on cybersecurity, Rail OT security, and data protection in compliance with UAE Law No. 45 of 2021.
Tactical / Project Management
- Oversee the tactical implementation of cybersecurity, data protection, and GRC strategies, collaborating closely with operational teams to ensure effective execution, drawing on significant senior experience.
- Monitor and report on the progress of tactical initiatives, addressing challenges, and refining strategies as necessary, utilizing senior-level problem-solving skills.
- Lead and participate in Proof of Concept (PoC) initiatives to assess the feasibility and effectiveness of new cybersecurity technologies or solutions, requiring senior expertise.
- Collaborate in defining and planning cybersecurity projects, including outlining objectives, scopes, timelines, and resource requirements, based on extensive experience.
- Conduct cyber risk assessments to identify vulnerabilities, threats, and potential impacts, contributing to the development of risk mitigation strategies, requiring senior judgment.
- Design, implement, and evaluate phishing simulations to strengthen employee awareness and organizational resilience against phishing threats.
- Manage and oversee specific cybersecurity projects, ensuring strict adherence to project plans, budgets, and timelines, with senior-level oversight.
- Direct the SECOPS Team in monitoring, detecting, and responding to cyber incidents across both Business ICT and Rail OT environments. The SECOPS Team consists of 1 SECOPS Lead, 3 SECOPS Analysts, and 3 Junior SECOPS Analysts, working in a 24/7 rotating shift model to provide continuous monitoring and response capability.
- Establish on-call support protocols for the SECOPS Team to ensure 24/7 cybersecurity monitoring and response capability for both Business ICT and Rail OT systems.
- Collaborate with Rail OT and IT teams to integrate advanced threat detection systems, ensuring alignment with KM's cybersecurity strategy.
- Oversee the integration of PM and CM tasks into the overall cybersecurity framework, ensuring timely execution and adherence to the MPT.
- Supervise the planning, execution, and documentation of activities outlined in the CSMP, ensuring alignment with organizational goals and RTA’s regulatory requirements.
- Prepare and present periodic progress updates on CSMP implementation to internal and external stakeholders, including the RTA.
- Develop and maintain a detailed action plan for CSMP initiatives, assigning responsibilities, tracking milestones, and ensuring timely communication with stakeholders, including RTA.
Operational
- Coordinate with SECOPS, IT Operations, and related teams to execute vulnerability assessments, penetration testing, and forensic audits, ensuring robust security measures across environments.
- Work with the other teams to integrate new systems with security, data privacy, and GRC policies, facilitating risk management processes and developing recovery policies to minimize operational disruptions while ensuring compliance.
- Ensure operational cybersecurity tasks are executed effectively, with strategic oversight of integration between IT and Rail OT systems to uphold resilience and compliance.
- Oversee the SECOPS Team's use of IDS consoles from Nozomi Networks and the future SIEM for Rail OT based on the ELK Stack.
- Manage, define, and review the objectives of the SECOPS Team members in line with the QHSE Director's instructions.
- Coordinate with SECOPS Team members to monitor and report on the progress of PM and CM tasks, ensuring proper documentation and alignment with cybersecurity objectives.
- Coordinate with SECOPS and relevant teams to ensure day-to-day security operations are aligned with CSMP objectives, addressing tasks such as vulnerability assessments, incident response, and compliance measures.
- Ensure that day-to-day cybersecurity operations directly support CSMP objectives, emphasizing timely risk mitigation, incident resolution, and adherence to compliance mandates, with a focus on operational efficiency.
Capability / People
- Lead staff training programs in cybersecurity awareness, data protection, and GRC practices, ensuring that all employees are well-informed about their responsibilities under data protection laws, cybersecurity best practices, and GRC principles, based on senior experience.
- Ensure compliance with relevant legislation, ISO standards, RTA/government regulations, and data protection requirements within agreed budgets, fostering a culture of security, privacy compliance, and GRC excellence among the KM workforce, leveraging senior expertise.
- Enhance the training programs to include the specific roles and responsibilities of the Team in cybersecurity awareness, data protection, and GRC practices, drawing on senior insights.
- Foster a culture of security, privacy, compliance, and GRC excellence within the team, guided by senior leadership.
- Act as a People Manager, providing leadership and mentorship to senior specialist and SECOPS team members, fostering high performance and career development across IT and Rail OT environments with a focus on team structuring, performance review, career progression, and operational coordination of a 24/7 security monitoring setup.
- Mentor Senior members of the Team, guiding their professional development and helping them achieve their career goals within the organization, using extensive experience.
Authority
The Head of Cyber Security is authorized to:
- Define, approve, and enforce cybersecurity, Rail OT security, data protection, and GRC policies, standards, and controls across all Keolis MHI IT and Rail OT environments.
- Approve, delay, or block the go-live, change, or continued operation of systems, services, or maintenance activities where cybersecurity or data protection risks are not adequately mitigated.
- Require remediation actions or formal risk treatment plans from IT, Rail OT, Maintenance teams, suppliers, or contractors as a condition for system approval or continued operation.
- Escalate significant cybersecurity, Rail OT, or data protection risks and incidents directly to the QHSE Director and, where required, to top management, the Managing Director, RTA, and relevant regulators.
- Act as the owner and representative of the ISMS, CSMP, and cybersecurity governance framework, including representing Keolis MHI during audits, regulatory reviews, and RTA cybersecurity assessments.
- Provide executive oversight and directive authority over cybersecurity operations and incident response, with day-to-day operational execution delegated to the SECOPS Lead.
- Delegate the execution of GRC, ISMS, and data protection activities to direct reports while retaining overall accountability for compliance, audit outcomes, and risk acceptance.
- Define cybersecurity needs, priorities, and resource requirements, and provide recommendations to the QHSE Director for budget approval and financial planning.
- Represent Keolis MHI as the primary cybersecurity authority in engagements with RTA, DESC, Keolis Group, auditors, and cybersecurity partners.
- Report independently to the QHSE Director and top management on cybersecurity posture, key risks, incidents, audit findings, and improvement actions.
DIMENSIONS
- The role is primarily office-based with occasional travel for stakeholder engagements, specialized cybersecurity and data protection training, and participation in global Rail security forums to stay informed about the latest industry trends and practices.
- The role reports directly to the QHSE Director and manages two direct reports, overseeing a total team size of 8.
- The Head of Cyber Security is responsible for ensuring that all tasks and initiatives outlined in the CSMP are integrated into the day-to-day operations of the SECOPS and GRC teams and are executed within stipulated timelines to meet RTA’s expectations.
EDUCATIONAL QUALIFICATIONS

| | Min. | Required |
|---|---|---|
| Education | | |
| Experience | | |
| Skills / Training | | |