Sr Specialist IDS Risk, DR

Job title

Sr. Specialist IDS Risk, DR

& Compliance

Grade

Stream

People & Technology

Function

Corporate IDS

Location

Oman – Muscat

Budget control

*OPEX and/or CAPEX and/or Revenue amount as

relevant*

Reporting to

Manager IDS Governance & Excellence

Direct reports

0

Job purpose

Provides end-to-end subject matter expertise and execution capabilities across the domains of technology risk management, disaster recovery, and regulatory compliance. The role supports the development and implementation of frameworks, policies, and practices that protect OQ's digital infrastructure and ensure operational resilience.

The position will act in accordance with the OQ's Mission, Vision, Values & Strategies, as well as, policies, guidelines, and standards, supported by an IT Technology platform, HSE standards, Omani's government & other legal justifications, and best international practices in consonance with national objectives.

Main tasks and responsibilities

Risk Management

·       Identify, assess, and monitor IDS-related risks including, operational, infrastructure, and compliance risks.

·       Conduct periodic risk assessments, internal audits, and gap analyses.

·       Collaborate with IT, Cybersecurity, and Enterprise Architecture teams to define and implement control frameworks aligned to ISO 27005, NIST RMF, and COBIT principles.

·       Maintain a centralized risk register and ensure timely mitigation, acceptance, transfer, or avoidance strategies for each identified risk.

·       Regularly review risk appetite, metrics, and thresholds in collaboration with Governance and Internal Audit functions.

Disaster Recovery (DR) Planning

·       Lead the design, implementation, testing, and continual improvement of IDS DR plans aligned with ISO 22301.

·       Define business impact assessments (BIAs), RTOs (Recovery Time Objectives), and RPOs (Recovery Point Objectives) for critical systems and applications.

·       Coordinate DR simulations, tabletop exercises, and live recovery tests across OQ's digital environments.

·       Ensure DR strategies are aligned with on-premises, private cloud, and hybrid cloud environments.

·       Collaborate with business continuity leads across group entities to ensure interdependency planning and resilience readiness.

Compliance Management

·       Monitor and ensure compliance with internal policies, national regulations (e.g., Omani privacy laws), and global frameworks (e.g., GDPR, ISO

·       Prepare for internal and external audits by maintaining a compliance evidence repository, ensuring traceability and accountability.

·       Contribute to the development and update of IDS policies, procedures, Process and SOPs.

·       Conduct third-party risk assessments and ensure vendor compliance through contract clauses, periodic reviews, and audits.

·       Liaise with legal, risk, and regulatory teams for evolving requirements.

Incident Response

·       Act as a core member of the Incident Response Team for IDS-related incidents.

·       Help establish and maintain response playbooks for cyberattacks, data breaches, outages, and system compromises.

·       Support forensic investigations and root cause analysis following incidents.

·       Lead post-incident reviews and implement lessons learned into the risk and DR frameworks.

Training and Awareness

·       Design and deliver role-based training programs on risk management, DR awareness, and compliance best practices for IDS teams and business users.

·       Drive a culture of risk ownership, security awareness, and policy compliance.

·       Build and maintain a knowledge hub for best practices and regulatory updates.

Continuous Improvement

·       Monitor global trends in cyber resilience, regulatory technology (RegTech), and digital risk.

·       Propose enhancements to current systems including automation, data analytics, and integrated dashboards for real-time visibility.

·       Lead process maturity assessments using CMMI or similar frameworks and develop improvement roadmaps.

Key interactions

Internal: OQSAOC Streams/AssetsExternal: Technology vendors, auditors, regulators, managed service providers.

Notable Working Conditions. Office-based role with occasional visits to operational and disaster recovery sites. May require availability outside regular hours during DR tests or incidents.

Education requirements

·       Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.

·       Master's degree or relevant certifications (e.g., CISSP, CISM, CBCP, ISO 27001 Lead Implementer/Auditor) preferred.

Language

Excellent knowledge of written, read, and spoken English (required) Arabic - Native (desirable)

Background and experience

Competencies and skills

· 6–8 years of experience in cybersecurity, risk management, compliance.

· Strong understanding of data protection laws and DR frameworks.

· Familiarity with industry standards (e.g., ISO 27001, NIST, CIS Controls).

Behavioral:

Strong analytical and communication skills.

· Leadership mindset with stakeholder engagement capabilities.

· Ethical, detail-oriented, and adaptable to regulatory changes.

· Ability to work across functional teams and influence without authority.

· High integrity, ethical conduct, and a sense of accountability.

· Problem-solving orientation with the ability to manage ambiguity.

· Passion for continuous learning and adapting to change.

Technical:

· Proficiency in risk and compliance tools.

· Knowledge of IT infrastructure, cloud, and access control mechanisms.

· Exposure to legal, regulatory, and audit requirements.

· Understanding of privacy-by-design and privacy-by-default principles.

· Familiarity with ITSM processes, SIEM/SOC practices, vulnerability management, and asset classification.

· Deep understanding of risk management, DR/BCM, compliance frameworks, and regulatory obligations.