Senior Cybersecurity Risk

Reports to: IM&T Risk & Compliance Lead and IDS5

Job Purpose:

• To cater critical activities such as Compliance Assessments, Cybersecurity Advisory Services and Cybersecurity Risk Rationalization.
• To perform ISMS Implementation Risk Assessment, and GRC Documentation.
• To ensure effective Legal, Statutory and Regulatory Compliance.
• To conduct Cybersecurity Third Party and Vendor Site Assessments, as well as reporting IRM Metrics.
• To ensure managing IKRM Step-out, deviation Management Processes, maintaining CS governance document and perform ISMS Implementation Risk Assessments.
• To ensure Continuous Improvements and Lean Practices within PDO Cybersecurity Risk & Compliance Management Processes.
• To create and update existing Compliance and Assurance Dashboards and critical processes VMBs.

Key Responsibilities:

• The incumbent shall have the ability to work in a team in a multicultural environment and must be able to communicate effectively with all levels of the organization. Fluency in both written and verbal English is mandatory.
• The incumbent will need to determine risk-based maintenance techniques appropriate to meet PDO Cybersecurity requirements.
• Provide comprehensive assistance, guidance, and meticulous follow-up with over 60 Applications & Services Guardians/Action Owners to ensure timely closure of Internal & External Audit Actions.
• Manage the PDO Cybersecurity Risk Management Tool, including maintenance, access management, and reporting.
• Conduct periodic reviews and follow-ups on the 7 High IDD Strategic Risks identified in the IDD Risk Profile.
• Act as the secondary focal point within the team, performing day-to-day activities related to Cybersecurity Risk, Compliance, and Assurance.
• Review, update, and automate the PDO Cybersecurity Information Risk Management (IRM) Metrics & Measurement Management Procedure.
• Conduct IT Security Audits and Compliance Checks on Cybersecurity Controls deployed in PDO IT Operations.
• Serve as the IKRM Step-out process owner, overseeing the entire end-to-end process and facilitating team transitions as needed.
• Perform the Process Owner role for contractor site assessments and execute process revamp projects, integrating new ISO27001:2022 Controls.
• Incorporate new strategic processes, renovate existing processes, improve process efficiency, manage dashboards, and maintain process documents such as SP-2127, PR-2147, and SOP-3206.
• Ability to participate in and support ALSOOR Program reviews and milestone determinations.

Key Requirements:

• Graduate or Post Graduate or equivalent Cybersecurity Risk & Compliance experience.
• At least 10 years of experience in Information Security Management Systems.
• Experience in performing Supply Chain Security and Contractor Compliance Assessments.
• Ability to document and describe typical and specific expert-level networks, and data/communications.
• Experience in conducting and communicating security evaluations and communicating cyber risk impacts and consequences to all levels of stakeholders.
• Ability to document and describe cyber risk in the context of Information Technology (loss of view/control, RAM etc.).
• Experience in managing Cybersecurity Governance, Risk & Compliance Management (GRC) Tools, including maintenance, access management, and reporting.
• Competency in ISO27000 and COBIT Frameworks.
• Ability to understand business needs and support the PDO business and application team.
• Capability to create and update existing Compliance and Assurance Dashboards and critical processes VMBs.
• Professional Cybersecurity Risk & Compliance designation.

Note: We thank all applicants for their interest; however, only those candidates who are shortlisted will be contacted.