Specialist, Cybersecurity GRC III

1. JOB DETAILS:
Position Title: Specialist: Cyber Security GRC
Broad Band: M09: Professional
Department & Function: Ma aden Cyber Security
Talent Pipeline Layer: Manage Self: Expert/Consultant (MS)
2. OVERALL JOB PURPOSE:
The Specialist: Cyber Security GRC works across the entire Cyber Security division across Ma aden Corporate and Affiliates in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius. This position is responsible for conducting technology risk assessments, control self assessments, and vendor risk assessments are carried out on a regular basis. This position is also responsible for Cyber security awareness, security performance monitoring, and status reporting as well as developing and setting up required policies and SOPs. Performs compliance and aduit activities.
3. QUALIFICATIONS, EXPERIENCE & SKILLS:
Qualification:
1. Bachelor degree in Computer Science or Management Information Systems with an advanced degree desirable
Experience:
1. At least 2-4 Years' relevant experience
Skills:
1. Good understanding of Cyber Security standards (ISO27001, 22301, 9001, NIST)
2. Good understanding of IT / OT technologies.
3. Information Security Certification (CISM / CISSP / ISO27001 / ISMS Lead Auditor / ISA/IEC 62443)
4. KEY ACCOUNTABILITIES:
Focus Area
Get results through individual expert contributions, influence & efforts
Operational / Functional
1. Risk Management:
- Develop a deep understanding of IT/OT Cyber Security risks and drive the response process in order to minimize the impact of these risks
- Understand and explain risks and exposure to IT/OT environments.
- Identify the critical assets for overall Ma'aden in the seven countries and maitain & mitigate the risk associated.
- Conduct risk and threat research, keeping current with the evolving Cyber threat landscape.
- Understand and incorporates Cyber risk assessments reports into Cyber risk registers for IT and OT.
- Actively participate in IT/OT Cyber Security risk assessments across Ma aden
- Govern Cybersecurity risks across Ma aden
- Conduct third party and vendor risk assessment / audit programs
- Support the Manager: Cyber Security GRC by contributing to the development of a comprehensive Risk Management Framework that sets the tone for assessments and threat management across Ma aden
- Support the Manager: Cyber Security GRC by contributing to the establishment of a Data Security Governance Framework, Data Risk Governance, Data privacy compliance Framework, Data privacy assessment, Cloud data privacy management
- Support the Manager: Cyber Security GRC by contributing to the establishment of a Risk Intelligence center (RIC) covering Common control framework, cloud risk
2. Strategy, Governance & Compliance:
- Monitor the application of the Security Governance Framework and model across Ma aden
- Facilitate the execution of the Ma aden Cyber Security Strategy across the organization
- Execute governance, risk and compliance (GRC) initiatives and activities across Ma aden
- Provide input on Cyber Security policies, standards, procedures and the Unified Control Frameworks (UCF)
- Ensure continous and peridical review of all governance related in terms of policies, processes, frameworks and controls.
- Communicate GRC objectives to ensure appropriate compliance and risk aware culture
- Provides IT/OT Cyber Security consultation to stakeholders across Ma'aden in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius
1. Consistently deliver solutions which contribute to business results and improved competitiveness (consulting advice, business options)
2. Deliver quality solutions/ service cost effectively on time and within risk parameters
3. Provide advice that are generally accepted and implemented on programmes and systems, creating a competitive advantage for organization, leading to quality results
4. Continuously develop extensive knowledge relating to the field of work and personal mastery in technical skills application
5. Deliver Cost effective results
6. Risk results
7. HSE targets
8. Conduct Research & Development that leads to new solutions being implemented in the organization
Leadership
1. Capability building:
- Builds awareness of IT/OT Cyber Security governance areas through Training & awareness
- Subject Matter Expert in IT/OT Cyber Security Coaching, Problem solving, and Risk Management tools and techniques
2. Quality Assurance:
- Develop a Cyber Security awareness, training program and related strategy for users across Ma aden
- Provide Quality Assurance & Compliance advice and services to improve service delivery performance and enhance customer satisfaction
- Conduct internal audits to check compliance of IT/OT Cyber Security standards, and propose plans to close gaps as part of the Internal & External Audit Non-Conformance (NC) and Observations closure process
- Coordinate with IA to build the audit scope and program for General Computer Controls (GCC) audits
- Identifying improvement areas, reassess and challenge standardization needs, identification of automation opportunities across Ma aden, etc.
- Report product quality level before any external delivery and stop delivery if quality standards are not met
1. Understand, support and live the Ma'aden vision, values and goals
2. Expert utilization & direction through selling and obtaining support for value adding ideas leading to business improvement
3. Takes accountability for personal improvement, personal development, skills development and effectiveness
4. Expertise transfer, sharing and development
5. Plan and project management
6. Establish Policies, practices, standards, procedures and methods; application, review and development
7. Deliver expert solutions as a thought leader, to meet changing business & work requirements through Trends, analysis, problem solving and quality decision making
8. Process and risk impact, reporting and corrective action
9. Extract, capture and disseminate Knowledge within knowledge management standards

Desired Candidate Profile

Education:
Bachelors in Computer Application(Computers)
Gender:
nm
Nationality:
Any Nationality