JOB PURPOSE:
Lead and support the development and implementation of comprehensive security risk management strategies within ADNOC Group, incorporating API 780 Standard as a risk assessment methodology. Provide expert guidance and oversight to ensure the protection of personnel, assets, and infrastructure through the identification, assessment, and mitigation of security risks. Ensure early identification and mitigation of risk concerns and facilitate department response in a controlled manner. Collaborate with cross-functional teams and support the Head of Security Governance to establish and maintain robust risk management policies, procedures and practices in line with API 780 methodology and PSMS framework criteria (ISO 28000).
KEY ACCOUNTABILITIES
Lead the development of a robust enterprise-wide risk management program by ensuring that a framework and governance structure is in place to ensure adherence to approved risk strategy, standards, and guidelines.
Conduct in-depth security risk assessments using the API 780 Standard methodology to identify and evaluate potential threats, vulnerabilities, and risks to the organization's operations, personnel, and infrastructure assets, including:
o Mapping assets
o Identifying security threats
o Identifying security vulnerabilities
o Determining and prioritizing risks
o Analysing and developing security controls
Update and maintain the corporate risk matrix and corporate security risk register based on the findings of security risk assessments, ensuring accurate and up-to-date information for risk management decision-making.
Lead the development and implementation of risk mitigation plans and security control measures, adhering to API 780 guidelines, to effectively manage identified risks. Collaborate with relevant stakeholders to ensure timely implementation and compliance.
Provide expert advice and guidance to cross-functional teams and business units on security risk management principles, methodologies, and best practices in accordance with API 780 and other QMS standards.
Integrate API 780 requirements into business processes, projects, and initiatives, ensuring security considerations are adequately addressed.
Support the Head of Security Governance in defining and enhancing security governance frameworks, policies, and procedures, aligning them with API 780 and other relevant standards.
Assist in coordinating security risk management activities across the organization, ensuring consistency and effectiveness in risk assessment and mitigation efforts.
Stay updated on emerging security threats, trends, and technologies through continuous research and analysis. Anticipate and assess potential impacts on the organization's security posture and propose proactive measures and solutions aligned with API 780.
Collaborate with internal and external partners, including law enforcement agencies, industry associations, and security consultants, to exchange security information, share best practices, and enhance security capabilities in compliance with API 780 and other relevant standards.
Conduct regular audits and reviews of security risk management programs, controls, and processes to assess their effectiveness and identify areas for improvement, adhering to API 780 requirements. Recommend and implement enhancements to strengthen the organization's security posture.
Prepare and deliver comprehensive reports, presentations, and briefings to senior management and relevant stakeholders on security risks, mitigation strategies, and compliance with API 780 and other relevant standards.
Provide guidance and mentorship to junior security professionals, fostering their professional development and knowledge in security risk management practices in alignment with API 780.
Participate in the development and maintenance of security policies, procedures, guidelines, and standards, ensuring their alignment with API 780 and other relevant standards, industry best practices, and organizational objectives.
Support and monitor the ADNOC security risk management program, taking a proactive approach to help minimize and mitigate risk.
Support internal risk identification mechanisms including, but not limited to incident reports, Level 1 & 2 compliance reviews, audits, complaints / system failures, and risk assessments.
Maintain a strong overview of the progress of incident investigations and ensure the Head of Governance is informed of any issues or associated risks.
Support the process for reporting and updating information relating to site security incidents, failures and near misses.
Analyse complex information from reports, reviews, and logs to establish appropriate action plans to bring about a reduction in risk.
Support the collection, analysis, and presentation of quantitative and qualitative risk management data (incidents, reviews, audits) to measure the effects of change and monitor continuous improvement.
Participate in proactive risk reduction activities using tools such as Failure Mode Effect Analysis and Threat Vulnerability Analysis.
Supervision
Be self-motivated and work independently or as part of a team, according to a set program.
Plan, supervise, and coordinate all activities in the assigned area to meet functional objectives.
Provide guidance and support to junior team members, fostering their growth and development.
Budgets
Provide input for the preparation of Section budget and assist in the implementation of the approved budget and work plans to deliver objectives.
Investigate and highlight any significant variances to support effective performance and cost control.
Policies, Systems, Processes & Procedures
Implement approved Section policies, processes, systems, standards, and procedures to support the execution of work programs in line with management system standards (ISO 28000) and API 780.
Performance Management
Contribute to the achievement of the approved Performance Objectives for the Section in line with the Company Performance framework.
Innovation and Continuous Improvement
Identify improvements in internal processes in pursuit of greater efficiency in performing the Section's functions.
Innovate and implement new tools and techniques to improve the quality and efficiency of operational security services.
Contribute to the growth of the protective security management system (PSMS) as a skilled practitioner and maintain ADNOC's standards for deliverables and services.
Health, Safety, Environment (HSE)
Comply with relevant HSE policies, procedures & controls and applicable legislation and sustainability guidelines in line with ADNOC Code of Practices.
Reports
Prepare accurate and timely reports related to risk management activities, as required by the security governance team.
COMMUNICATIONS & WORKING RELATIONSHIPS:
Internal
Collaborate closely with the security governance team and ADNOC stakeholders to ensure effective risk management practices and information sharing.
External
Engage with law enforcement agencies, industry associations, and security consultants, to exchange information, share good practices, and enhance security risk management capabilities.
Ad-hoc contact with ADNOC Group Companies and Federal Organizations/Institutions to verify risk practices / requirements meet national regulations and standards.