Senior IT Security Certification Specialist

This position plays a critical role in ensuring the integrity, consistency, and credibility of the certification process, while collaborating with developers, evaluators, and regulatory stakeholders. The specialist also contributes to the development of certification policies and stays current with emerging cybersecurity threats, technologies, and standards.

• Senior Certifier is responsible for the conduct
  of the day to day certification, validation, oversight, certificate maintenance
  and mutual recognition with the common criteria standards.
  
• Ensuring that the highest standards of
  competence and impartiality are maintained, and that consistency is achieved
  across all evaluation and certification activities;
  
• Possess a deep understanding of Common Criteria
  standards, Protection Profiles, Security Targets, Evaluation Assurance Levels
  (EALs), and related documentation
  
• Provide guidance and mentorship to CB team
  members Certifiers and evaluators, ensuring their understanding of the
  certification process and helping them with complex evaluations.
  
• Lead and oversee the review and assessment of
  documentation submitted by product developers, including Security Target
  documents, design specifications, and test plans.
  
• Conduct advanced technical risk assessments,
  identifying potential security weaknesses or flaws in products or systems and
  providing expert guidance for mitigation.
  
• Oversee and manage the testing phase, ensuring
  that security testing is conducted rigorously and accurately.
  
• Conduct of day -to -day certification, certificate
  maintenance and mutual recognition projects and in compliance with scheme
  documentations.
  
• Assisting with the development of policies,
  standards, procedures and guidelines.
  
• Make recommendations regarding certification at
  specific Evaluation Assurance Levels (EALs) based on extensive evaluation
  expertise and knowledge of the certification process.
  
• Stay up -to -date with the latest developments in
  security, emerging threats, and evolving technology to ensure the certification
  process remains relevant.
  
• Collaborate with stakeholders, such as
  developers, evaluators, and national certification authorities, to ensure a
  consistent and accurate evaluation process.
  

Requirements

• A university degree -level qualification in IT,
  information security or a related field. ideally with a focus on security
  domains.
  
• Certification from a recognized Common Criteria
  certification body and previous experience as a Certifier is desired
  
• IT Security Overview Training and certification
  
• Common Criteria for IT Security Evaluation
  Training and certification
  
• Minimum 8 years
  
• Minimum 4
  years of work experience as a Senior IT / Information Security / Cyber Security
  Auditor and/or Risk Management and/or Cyber Security/Information Security
  Management.
  
• Proficiency in Arabic and English (spoken and
  written) is preferred
  

Other Required Qualifications:

• Analytical and problem -solving skills
  
• Proven experience in IT and Information Security
  Assessment
  
• Common Criteria for IT Security Evaluation
  Training
  
• Experience in Risk Assessment and management.
  
• Should have hands on experience in information
  security
  
• Understanding of ISO27001 certification audit
  requirements
  
• Excellent communication, documentation, and
  report -writing skills.
  
• In -depth knowledge of security testing
  methodologies and tools.
  
• Have analytical & assessment experience of
  formal schemes and can assess a situation in a fair and objective manner in
  order to arrive at a firm conclusion.
  
• Have training, workshops planning and delivery
  experience across Government & private sector.
  

Technical:

• Experience in Risk Assessment and management
  including audit methodologies and risk assessment methodologies.
  
• Understanding of NIA controls and implementation
  requirements
  
• Proficiency in security frameworks and standards
  like NIST, ISO27001, NIA.
  
• Strong awareness of Information Security / Cyber
  Security trends.
  

Behavioural:

• Ability to multitask and work effectively with
  multiple project teams, sponsors, and customers.
  
• Ability to pay close attention to detail, meet
  deadlines and work under pressure.
  
• Interpersonal skills
  
• Work autonomously with a high degree of
  enthusiasm
  

Specific:

• Excellent technical report writing skills.
  
• Have capabilities to understand and interpret
  the Certification Criteria (ISO/ IEC 17021, ISO/ IEC 17024, ISO/ IEC 27006 and
  ISO/IEC 17065).
  
• Knowledge of auditing and information assurance
  standards like ISA, ITAF, ISO17021, ISO19011.
  
• Proficiency in security frameworks and standards
  like, ISO27001, NIA, CSF Q2022.
  
• Familiarity with third -party audit,
  Certification and Information Security / Cyber Security audits.
  
• Proven, hands on, experience in Information
  Security Audit or Information Security Management.