Specialist, Cybersecurity GRC III - Urgent Hire

Company: Ma’aden
Job Type: Full Time


This job is no longer accepting applications.


Job Description - Specialist, Cybersecurity GRC III - Urgent Hire

We are looking to hire an organized Specialist, Cybersecurity GRC III to join our passionate team at Ma’aden in Riyadh, Riyadh Province.
Growing your career as a Full Time Specialist, Cybersecurity GRC III is a terrific opportunity to develop competitive skills.
If you are strong in people management, persuasion and have the right mindset for the job, then apply for the position of Specialist, Cybersecurity GRC III at Ma’aden today!

1. JOB DETAILS:

Position Title:

Specialist: Cyber Security GRC

Broad Band:

M09: Professional

Department & Function:

Ma’aden Cyber Security

Talent Pipeline Layer:

Manage Self: Expert/Consultant (MS)

2. OVERALL JOB PURPOSE:

The Specialist: Cyber Security GRC works across the entire Cyber Security division across Ma’aden Corporate and Affiliates in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius. This position is responsible for conducting technology risk assessments, control self-assessments, and vendor risk assessments on a regular basis. This position is also responsible for Cyber Security awareness, security performance monitoring, and status reporting, as well as developing and setting up required policies and SOPs. It also performs compliance and audit activities.

3. QUALIFICATIONS, EXPERIENCE & SKILLS:

Qualification:

1. Bachelor's degree in Computer Science or Management Information Systems, with an advanced degree desirable

Experience:

1. At least 2-4 Years' relevant experience

Skills:

1. Good understanding of Cyber Security standards (ISO27001, 22301, 9001, NIST)
2. Good understanding of IT / OT technologies.
3. Information Security Certification (CISM / CISSP / ISO27001 / ISMS Lead Auditor / ISA/IEC 62443)

4. KEY ACCOUNTABILITIES:

Focus Area

Get results through individual expert contributions, influence & efforts

Operational / Functional

1. Risk Management:
- Develop a deep understanding of IT/OT Cyber Security risks and drive the response process in order to minimize the impact of these risks
- Understand and explain risks and exposure to IT/OT environments.
- Identify the critical assets for overall Ma'aden in the seven countries and maintain & mitigate the associated risk.
- Conduct risk and threat research, keeping current with the evolving Cyber threat landscape.
- Understand and incorporate Cyber risk assessment reports into Cyber risk registers for IT and OT.
- Actively participate in IT/OT Cyber Security risk assessments across Ma’aden
- Govern Cybersecurity risks across Ma’aden
- Conduct third party and vendor risk assessment / audit programs
- Support the Manager: Cyber Security GRC by contributing to the development of a comprehensive Risk Management Framework that sets the tone for assessments and threat management across Ma’aden
- Support the Manager: Cyber Security GRC by contributing to the establishment of a Data Security Governance Framework, Data Risk Governance, Data privacy compliance Framework, Data privacy assessment, Cloud data privacy management
- Support the Manager: Cyber Security GRC by contributing to the establishment of a Risk Intelligence center (RIC) covering Common control framework, cloud risk

2. Strategy, Governance & Compliance:
- Monitor the application of the Security Governance Framework and model across Ma’aden
- Facilitate the execution of the Ma’aden Cyber Security Strategy across the organization
- Execute governance, risk and compliance (GRC) initiatives and activities across Ma’aden
- Provide input on Cyber Security policies, standards, procedures and the Unified Control Frameworks (UCF)
- Ensure continuous and periodic review of all governance-related matters in terms of policies, processes, frameworks and controls.
- Communicate GRC objectives to ensure an appropriate compliance and risk-aware culture
- Provide IT/OT Cyber Security consultation to stakeholders across Ma'aden in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius

1. Consistently deliver solutions which contribute to business results and improved competitiveness (consulting advice, business options)
2. Deliver quality solutions/service cost effectively, on time and within risk parameters
3. Provide advice that is generally accepted and implemented on programmes and systems, creating a competitive advantage for the organization, leading to quality results
4. Continuously develop extensive knowledge relating to the field of work and personal mastery in technical skills application
5. Deliver cost-effective results
6. Risk results
7. HSE targets
8. Conduct Research & Development that leads to new solutions being implemented in the organization

Leadership

1. Capability building:
- Build awareness of IT/OT Cyber Security governance areas through Training & awareness
- Subject Matter Expert in IT/OT Cyber Security Coaching, Problem solving, and Risk Management tools and techniques

2. Quality Assurance:
- Develop a Cyber Security awareness and training program and related strategy for users across Ma’aden
- Provide Quality Assurance & Compliance advice and services to improve service delivery performance and enhance customer satisfaction
- Conduct internal audits to check compliance with IT/OT Cyber Security standards, and propose plans to close gaps as part of the Internal & External Audit “Non-Conformance (NC)” and Observations closure process
- Coordinate with IA to build the audit scope and program for General Computer Controls (GCC) audits
- Identify improvement areas, reassess and challenge standardization needs, identify automation opportunities across Ma’aden, etc.
- Report product quality level before any external delivery and stop delivery if quality standards are not met

1. Understand, support and live the Ma'aden vision, values and goals
2. Expert utilization & direction through selling and obtaining support for value adding ideas leading to business improvement
3. Takes accountability for personal improvement, personal development, skills development and effectiveness
4. Expertise transfer, sharing and development
5. Plan and project management
6. Establish Policies, practices, standards, procedures and methods; application, review and development
7. Deliver expert solutions as a thought leader, to meet changing business & work requirements through Trends, analysis, problem solving and quality decision making
8. Process and risk impact, reporting and corrective action
9. Extract, capture and disseminate Knowledge within knowledge management standards

Relationships

1. ICT-SS: Work with ICT functions to ensure proper understanding of and adherence to the Cybersecurity controls needed for IT environments across Ma'aden, covering but not limited to: aligning the Cybersecurity Unified Controls, Cybersecurity policies and procedures, Cybersecurity frameworks, Government regulations and the risk assessment methodology for IT infrastructure; support IT projects by reviewing security architecture and ensuring proper security controls are considered.

2. Internal / External Audit: Support and oversee Internal / External Audit activities for Cybersecurity in IT and OT, provide required information and evidence to confirm the level of compliance, manage the closure of the reported audit observations, and support Ma'aden Corporate and affiliates in the seven countries to address and close any Cybersecurity-related observations.

3. Ma’aden affiliates: Align and build the relationship with the several business functions in Ma'aden to provide the guidelines, policies, procedures and frameworks of Cybersecurity in the seven countries, covering: ensure the Cybersecurity framework and policies are embedded as part of the Affiliates' models, conduct periodic risk assessments on operational processes and OT infrastructure and confirm the level of compliance against the Cybersecurity controls, support IT/OT projects by reviewing the security controls and ensuring they are considered.

4. Operational Technology (OT) and Industrial Control Systems (ICS) Stakeholders in Ma'aden: Support and provide the OT and ICS functions across Ma'aden with required guidelines, policies, procedures, standards and controls. Conduct periodic risk assessments to confirm the level of maturity and compliance of OT security controls.

5. Security Service providers: Select and work with the potential security vendors that can provide required consultancy services. Support and maintain a strong relationship with the vendors to ensure a sustainable and efficient support level.

7. Business Continuity and Crisis Management: Primary liaison between key stakeholders of MA’ADEN’s BC plan, e.g. Senior Management, Directors and Managers, Staff, Consultants, vendors and auditors in the seven countries

1. Creating effective stakeholder and expert networking relationships (e.g. customers, suppliers, universities and specialist bodies)
2. Demonstrate influential relationships with manager peers and company business leaders
3. Contractor/consultant relations & management
4. Communication of expertise (best practices, technical reports, position statement) in a collaborative and consultative approach which consistently meets business needs
5. Develop and facilitate the implementation of new solutions in area of expertise
6. Participate in and maintain expert networks

5. COMPETENCIES:

Technical/Functional

1. Cyber Security Risk Management
2. IT Service Management
3. ISO 27001 - Security Governance / Audit
4. ISO 27002 - Information Security Controls
5. ISO 27005 - Risk Management
6. Enterprise Architecture
7. IT/Solution Architecture
8. Security Architecture Controls Implementation
9. Cloud Security
10. Product / Vendor Security Certifications
11. ISA/IEC 62443

Leadership

1. Leadership
2. Teamwork
3. Integrity
4. Care
5. Ownership
6. Accountability
7. Communication
8. Time Management, Planning and Organization

Safety

• Safety advocate - anywhere and everywhere
• Advanced awareness and understanding of HSE rules and procedures
• Concern for own wellbeing and that of others
• Ability to proactively identify safety hazards and act accordingly


Benefits of working as a Specialist, Cybersecurity GRC III in Riyadh, Riyadh Province:


● Learning opportunities
● Advancement opportunities
● Competitive salary

Original job Specialist, Cybersecurity GRC III - Urgent Hire posted on GrabJobs ©.
Copyright © 2024 Grabjobs Pte.Ltd. All Rights Reserved.