Specialist, Cybersecurity GRC III - with Great Benefits

Company: Ma’aden
Job Type: Full Time


Job Description - Specialist, Cybersecurity GRC III - with Great Benefits

We are hiring a motivated Specialist, Cybersecurity GRC III to join our diverse team at Ma’aden in Riyadh, Riyadh Province.
Growing your career as a Full Time Specialist, Cybersecurity GRC III is an incredible opportunity to develop productive skills.
If you are strong in planning, people management and have the right drive for the job, then apply for the position of Specialist, Cybersecurity GRC III at Ma’aden today!

1. JOB DETAILS:


Position Title: Specialist: Cyber Security GRC



Broad Band: M09: Professional



Department & Function: Ma’aden Cyber Security



Talent Pipeline Layer: Manage Self: Expert/Consultant (MS)



2. OVERALL JOB PURPOSE:



The Specialist: Cyber Security GRC works across the entire Cyber Security division across Ma’aden Corporate and Affiliates in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius. This position is responsible for conducting technology risk assessments, control self-assessments, and vendor risk assessments on a regular basis. This position is also responsible for Cyber Security awareness, security performance monitoring, and status reporting, as well as developing and setting up required policies and SOPs. The position also performs compliance and audit activities.


3. QUALIFICATIONS, EXPERIENCE & SKILLS:


Qualification:



1. Bachelor's degree in Computer Science or Management Information Systems, with an advanced degree desirable


Experience:



1. At least 2-4 Years' relevant experience


Skills:



1. Good understanding of Cyber Security standards (ISO27001, 22301, 9001, NIST)
2. Good understanding of IT / OT technologies.
3. Information Security Certification (CISM / CISSP / ISO27001 / ISMS Lead Auditor / ISA/IEC 62443)


4. KEY ACCOUNTABILITIES:


Focus Area


Get results through individual expert contributions, influence & efforts


Operational / Functional


1. Risk Management:
- Develop a deep understanding of IT/OT Cyber Security risks and drive the response process in order to minimize the impact of these risks
- Understand and explain risks and exposure to IT/OT environments.
- Identify the critical assets for overall Ma'aden in the seven countries and maintain & mitigate the associated risk.
- Conduct risk and threat research, keeping current with the evolving Cyber threat landscape.
- Understand and incorporate Cyber risk assessment reports into Cyber risk registers for IT and OT.
- Actively participate in IT/OT Cyber Security risk assessments across Ma’aden
- Govern Cybersecurity risks across Ma’aden
- Conduct third party and vendor risk assessment / audit programs
- Support the Manager: Cyber Security GRC by contributing to the development of a comprehensive Risk Management Framework that sets the tone for assessments and threat management across Ma’aden
- Support the Manager: Cyber Security GRC by contributing to the establishment of a Data Security Governance Framework, Data Risk Governance, Data privacy compliance Framework, Data privacy assessment, Cloud data privacy management
- Support the Manager: Cyber Security GRC by contributing to the establishment of a Risk Intelligence center (RIC) covering Common control framework, cloud risk
2. Strategy, Governance & Compliance:
- Monitor the application of the Security Governance Framework and model across Ma’aden
- Facilitate the execution of the Ma’aden Cyber Security Strategy across the organization
- Execute governance, risk and compliance (GRC) initiatives and activities across Ma’aden
- Provide input on Cyber Security policies, standards, procedures and the Unified Control Frameworks (UCF)
- Ensure continuous and periodic review of all governance-related matters in terms of policies, processes, frameworks and controls.
- Communicate GRC objectives to ensure appropriate compliance and risk aware culture
- Provide IT/OT Cyber Security consultation to stakeholders across Ma'aden in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius



1. Consistently deliver solutions which contribute to business results and improved competitiveness (consulting advice, business options)
2. Deliver quality solutions/ service cost effectively on time and within risk parameters
3. Provide advice that is generally accepted and implemented on programmes and systems, creating a competitive advantage for the organization, leading to quality results
4. Continuously develop extensive knowledge relating to the field of work and personal mastery in technical skills application
5. Deliver Cost effective results
6. Risk results
7. HSE targets
8. Conduct Research & Development that leads to new solutions being implemented in the organization


Leadership


1. Capability building:
- Build awareness of IT/OT Cyber Security governance areas through Training & awareness
- Subject Matter Expert in IT/OT Cyber Security Coaching, Problem solving, and Risk Management tools and techniques
2. Quality Assurance:
- Develop a Cyber Security awareness, training program and related strategy for users across Ma’aden
- Provide Quality Assurance & Compliance advice and services to improve service delivery performance and enhance customer satisfaction
- Conduct internal audits to check compliance of IT/OT Cyber Security standards, and propose plans to close gaps as part of the Internal & External Audit “Non-Conformance (NC)” and Observations closure process
- Coordinate with IA to build the audit scope and program for General Computer Controls (GCC) audits
- Identify improvement areas, reassess and challenge standardization needs, identify automation opportunities across Ma’aden, etc.
- Report product quality level before any external delivery and stop delivery if quality standards are not met



1. Understand, support and live the Ma'aden vision, values and goals
2. Expert utilization & direction through selling and obtaining support for value adding ideas leading to business improvement
3. Takes accountability for personal improvement, personal development, skills development and effectiveness
4. Expertise transfer, sharing and development
5. Plan and project management
6. Establish Policies, practices, standards, procedures and methods; application, review and development
7. Deliver expert solutions as a thought leader, to meet changing business & work requirements through Trends, analysis, problem solving and quality decision making
8. Process and risk impact, reporting and corrective action
9. Extract, capture and disseminate Knowledge within knowledge management standards


Relationships


1. ICT-SS
Work with ICT functions to ensure proper understanding of and adherence to the Cybersecurity controls needed for IT environments across Ma'aden, covering but not limited to: aligning the Cybersecurity Unified Controls, Cybersecurity policies and procedures, Cybersecurity frameworks, Government regulations, and Risk assessment methodology for IT infrastructure; supporting IT projects by reviewing security architecture and ensuring proper security controls are considered.

2. Internal / External Audit
Support and oversee Internal / External Audit activities for Cybersecurity in IT and OT, provide required information and evidence to confirm the level of compliance, manage the closure of the reported audit observations, and support Ma'aden Corporate and affiliates in the seven countries to address and close any Cybersecurity-related observations.

3. Ma’aden affiliates
Align and build the relationship with the several business functions in Ma'aden to provide the guidelines, policies, procedures and frameworks of Cybersecurity in the seven countries, covering: ensuring the Cybersecurity framework and policies are embedded as part of the Affiliates' models, conducting periodical risk assessments on operational processes and OT infrastructure and confirming the level of compliance against the Cybersecurity controls, and supporting IT/OT projects by reviewing the security controls and ensuring they are considered.

4. Operational Technology (OT) and Industrial Control Systems (ICS) Stakeholders in Ma'aden
Support and provide the OT and ICS functions across Ma'aden with required guidelines, policies, procedures, standards and controls. Conduct periodical risk assessments to confirm the level of maturity and compliance of OT security controls.

5. Security Service providers
Select and work with the potential security vendors that can provide required consultancy services. Support and maintain a strong relationship with the vendors to ensure a sustainable and efficient support level.

7. Business Continuity and Crisis Management
Primary liaison between key stakeholders of MA’ADEN’s BC plan e.g. Senior Management, Directors and Managers, Staff, Consultants, vendors and auditors in the seven countries



1. Creating effective stakeholder and expert networking relationships (e.g. customers, suppliers, universities and specialist bodies)
2. Demonstrate influential relationships with manager peers and company business leaders
3. Contractor/consultant relations & management
4. Communication of expertise (best practices, technical reports, position statement) in a collaborative and consultative approach which consistently meet business needs
5. Develop and facilitate the implementation of New solutions in area of expertise
6. Participate in and maintain expert networks


5. COMPETENCIES:


Technical/Functional



1. Cyber Security Risk Management
2. IT Service Management
3. ISO 27001 - Security Governance / Audit
4. ISO 27002 - Information Security Controls
5. ISO 27005 - Risk Management
6. Enterprise Architecture
7. IT/Solution Architecture
8. Security Architecture Controls Implementation
9. Cloud Security
10. Product / Vendor Security Certifications
11. ISA/IEC 62443


Leadership



1. Leadership
2. Teamwork
3. Integrity
4. Care
5. Ownership
6. Accountability
7. Communication
8. Time Management, Planning and Organization


Safety



• Safety advocate - anywhere and everywhere
• Advanced awareness and understanding of HSE rules and procedures
• Concern for own wellbeing and that of others
• Ability to proactively identify safety hazards and act accordingly




Benefits of working as a Specialist, Cybersecurity GRC III in Riyadh Riyadh Province:


● Excellent benefits
● Opportunities to grow
● Attractive package
Original job Specialist, Cybersecurity GRC III - with Great Benefits posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.
Copyright © 2024 Grabjobs Pte.Ltd. All Rights Reserved.