Specialist, Risk & Compliance (IT Sec.)

  • Full Time
  • Anywhere

ADNOC


JOB DESCRIPTION

JOB PURPOSE:

Formulate and implement a forward-thinking strategic risk management framework that aligns with the organization’s long-term objectives, including identifying, assessing, and mitigating strategic risks to safeguard the organization’s reputation, financial stability, and sustainable growth.

KEY ACCOUNTABILITIES:

Risk Assessment

  • Conduct risk assessments within the organization’s Digital/OT cybersecurity, including identifying and evaluating potential IT/OT risks and vulnerabilities that could impact the organization’s strategic objectives, financial stability, and overall performance.
  • Model hypothetical scenarios that could pose significant risks to the organization and develop strategies to mitigate these risks.
  • Assess risks accurately and provide actionable recommendations in helping the organization make informed choices and interventions.
  • Collect evidence for the implementation of relevant risk controls.

Strategic risk management framework

  • Implement a strategic risk management framework to address identified risks in a systematic and proactive manner, aligning risk mitigation strategies with the organization’s long-term goals.
  • Prepare annual plan and demands for relevant IT/OT Risk Management and compliance.
  • Report on Digital/OT Cybersecurity risks, compliance actions, and treatment plan.
  • Work closely with and support the ERM team in managing risks and their controls in the ERM register.
  • Perform the role of Risk Champion for the Digital Division as part of Corporate and Group ERM processes.
  • Set up and manage governance structures to manage the risk profile and cybersecurity scorecards.
  • Manage risk reporting and communication at Group Company and HQ levels.

Compliance monitoring

  • Monitor and assess compliance with relevant laws, regulations, and industry standards. Develop and maintain a compliance framework that aligns with leading practices.
  • Stay updated on changes in relevant regulations and standards that may impact the organization’s operations and ensure timely adjustments to compliance procedures.
  • Work closely with company HQ/Group Digital to develop, enhance, and maintain compliance programs, policies, procedures, and guidelines that align with industry leading practices and regulatory requirements.
  • Implement and utilize relevant compliance monitoring tools and technology to automate compliance checks, streamline reporting, and enhance the efficiency of compliance monitoring processes.
  • Monitor compliance of third-party vendors, suppliers, and partners to ensure they meet the organization’s relevant standards and regulatory requirements.
  • Develop and maintain a relevant due diligence process for onboarding and monitoring third-party relationships.
  • Track cybersecurity controls implementation, along with supporting evidence, in liaison with local functions, Shared Services and Group Digital.
  • Conduct OT cybersecurity compliance reviews.

Monitoring Key Risk Indicators (KRIs):

  • Identify and track key risk indicators (KRIs) that are relevant to compliance and can serve as early warning signs for potential compliance issues.
  • Develop a system for regular KRI reporting and analysis, and initiate appropriate actions in response to deviations from expected compliance levels.

Security and compliance training and awareness:

  • Organize and facilitate compliance training programs and awareness campaigns for employees, contractors, and relevant stakeholders to promote a culture of relevant compliance.
  • Ensure employees understand their relevant compliance responsibilities and obligations.
  • Conduct awareness sessions for users on all aspects of cybersecurity and information asset protection.
  • Support the design and provision of awareness and training content.
  • Analyse the effectiveness of the awareness and training delivered.

Incident reporting and response:

  • Support the relevant process for reporting and following up on compliance violations, incidents, or breaches.
  • Implement incident response plans to address relevant compliance violations promptly and effectively, ensuring proper documentation and corrective actions.
  • Work closely with and support the SOC, VMS and Red teams in handling and following up on reported incidents.

Regulatory liaison:

  • Where necessary, maintain positive relationships with regulatory authorities and external bodies, ensuring or supporting timely and accurate submission of required compliance documents and information.

Compliance culture advocacy:

  • Act as an advocate for a strong compliance culture within the organization, emphasizing the importance of ethical conduct, integrity, and adherence to compliance standards at all levels of the organization.

Projects and KPI Management:

  • Manage and track relevant projects in liaison with local functions, Shared Services and Group Digital.
  • Communicate, support and coordinate with stakeholders during relevant Group Digital cybersecurity project activities.
  • Engage in relevant scoping, technical evaluation and call-off orders.
  • Plan, supervise and coordinate relevant activities to meet functional and group objectives and KPIs.

Business Continuity Management:

  • Prepare relevant annual DR Drill plan and demands for Digital Business Continuity Management in liaison with local functions, Shared Services and Group Digital.
  • Work closely with local functions, Group Digital and Shared Services to identify the potential impacts of various disruptions, incidents and disaster scenarios, and contribute to making recommendations.

QUALIFICATIONS, EXPERIENCE, KNOWLEDGE & SKILLS:

Minimum Qualification

  • Bachelor’s degree in computer science, engineering, information security or equivalent

Minimum Experience & Knowledge & Skills

  • 10 years of experience in IT/OT risk management, security governance, or audit projects
  • Proven capability in international standards such as ISO 27001, ISA/IEC 62443, CSA, COBIT, CIS, cybersecurity standards, NIST, etc.
  • Certification in at least one of the following: CGEIT, CISSP, GICSP, CCSK, CISA+CISM
  • Good technical competencies and exposure to IT/OT application or infrastructure development, support, and management of PLC, DCS and SCADA systems.




To apply for this job please visit jobs.adnoc.ae.