This job posting has expired and is not currently open to any job applications.
Job Description
Job Purpose:
The job holder is responsible for supervising cybersecurity risk management activities, including developing the cybersecurity risk management methodology and standards, supervising risk assessments, maintaining the cybersecurity risk register, providing recommendations to risk owners, maintaining risk remediation plans, and incorporating third-party risk management capabilities, in order to minimize and mitigate cybersecurity risks.
Responsibilities:
- Contribute to the development of Cybersecurity Governance, Risk and Compliance business plan in line with the strategic plan of Cybersecurity and Risk
- Develop the operational plan for Cybersecurity Risk Assessment in line with the business plan of Cybersecurity Governance, Risk and Compliance and strategic plan of Cybersecurity and Risk
- Identify and measure/monitor progress towards achieving key performance indicators
- Ensure that Cybersecurity Governance, Risk and Compliance business plan is well communicated and understood
- Participate in the development of policies in compliance with requirements (legal, internal, external)
- Manage the development of Cybersecurity Risk Assessment processes, procedures, forms, and tools in compliance with policies and identify business needs for automation in coordination with Technology Services
- Provide subject matter expertise in Cybersecurity Risk Assessment subjects and support in developing approaches and tools
- Coordinate with internal and external stakeholders including other departments, public and private sector entities, contractors, and consultants
- Identify sources of data, ensure data accuracy and conduct complex analysis
- Follow-up and handle escalated cases/issues with the Section Head and ensure resolution in a timely manner
- Develop advanced reports and submit for decision-making purposes
- Work with others to implement and maintain the cybersecurity risk management program
- Work with CHI officials to ensure continuous monitoring tool data provides situational awareness of risk levels
- Perform risk analysis whenever an application or system undergoes a major change
- Conduct cybersecurity risk assessments (i.e. threats and vulnerabilities) using monitoring tools, develop risk profiles, and ensure the risk register is updated accordingly to keep risks up to date for timely treatment and mitigation
- Ensure that cybersecurity risk assessment results and posture are shared with relevant teams and senior management
- Conduct business impact analysis from a cybersecurity perspective to support the overall business impact analysis of CHI
- Assist in the development of risk mitigation strategies and specific cybersecurity countermeasures in coordination with owners to effectively manage risk in accordance with organizational risk appetite
- Monitor implementation to enforce treatment of risks
- Collaborate with concerned stakeholders on all processes related to assessing projects, vendors, etc.
- Ensure that risk assessments are performed before signing contracts and agreements, when applicable, to cover third-party risk management properly
- Ensure that cybersecurity risk assessment procedures are implemented in the early stages of technology and digital transformation projects, before making major changes to technology infrastructure and during the planning phase of obtaining third-party services, to identify risks in a timely manner
- Review and update the cybersecurity risk management methodology and procedures periodically according to planned intervals or upon changes to related laws and regulations to identify ongoing risks
- Recommend changes to the infrastructure intended to improve overall security for multiple systems based on identified risks in order to get ahead of threats
- Develop regular reports to relevant stakeholders based on well-defined metrics to provide visibility and increase awareness of CHI management and counterparts
- Transfer know-how to team members and support in monitoring team performance and providing feedback
Job Qualifications:
Education, Certifications
- Bachelor’s degree in information systems, computer science, cybersecurity, or a related field
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) or GRC Professional (GRCP) or Certified Information Systems Security Professional (CISSP) or CompTIA Security+ or Systems Security Certified Practitioner (SSCP) or Certified Authorization Professional (CAP) or Cybersecurity Audit Certificate (CAC) or Certified Cloud Security Professional (CCSP) or ISO 27005 or Certified Information Systems Auditor (CISA) or any other equivalent certification is a must
- Knowledge of NCA and ISO 27005 standards
- Basic oral and written English language proficiency
Experience
- 6+ years of relevant experience
- Experience in risk management frameworks, methodologies, and practices, as well as in performing risk assessments, updating risk registers, conducting threat landscape assessment and threat profiling, ensuring third-party risk is covered in the risk management process, developing risk treatment plans, and documenting risks in proper reporting
- Previous experience in government sector or regulatory bodies is preferable
Skills:
1. Strong knowledge of cybersecurity principles, practices, and technologies
2. Experience in conducting risk assessments and developing risk management strategies
3. Proficiency in implementing and managing security controls
4. Ability to lead and mentor a team of cybersecurity professionals
5. Excellent communication and interpersonal skills
6. Strong problem-solving and analytical skills
7. Familiarity with compliance regulations and standards in cybersecurity
8. Project management skills to coordinate and execute risk management initiatives
9. Ability to stay updated on the latest cybersecurity threats and trends
10. Critical thinking and decision-making abilities to address security challenges