Specialist, Risk & Compliance (it Sec.)

Abu Dhabi, United Arab Emirates

Job Description

JOB PURPOSE:

Formulate and implement a forward-thinking strategic risk management framework that aligns with the organization's long-term objectives, including identifying, assessing, and mitigating strategic risks to safeguard the organization's reputation, financial stability, and sustainable growth.

KEY ACCOUNTABILITIES:

Risk Assessment
  • Conduct risk assessments within the organization's Digital/OT cybersecurity including identifying and evaluating potential IT/OT risks and vulnerabilities that could impact the organization's strategic objectives, financial stability, and overall performance.
  • Model hypothetical scenarios that could pose significant risks to the organization and develop strategies to mitigate these risks.
  • Assess risks accurately and provide actionable recommendations in helping the organization make informed choices and interventions.
  • Collect evidence of the implementation of relevant risk controls.
Strategic risk management framework
  • Implement a strategic risk management framework to address identified risks in a systematic and proactive manner, aligning risk mitigation strategies with the organization's long-term goals.
  • Prepare annual plan and demands for relevant IT/OT Risk Management and compliance.
  • Report on Digital/OT Cybersecurity risks, compliance actions, and treatment plan.
  • Work closely with and support the ERM team in managing risks and their controls in the ERM register.
  • Perform the role of Risk Champion for the Digital Division as part of Corporate and Group ERM processes.
  • Set up and manage governance structures to manage the risk profile and cybersecurity scorecards.
  • Manage risk reporting and communication at all levels in the Group Company and HQ.
Compliance monitoring
  • Monitor and assess compliance with relevant laws, regulations, and industry standards. Develop and maintain a compliance framework that aligns with leading practices.
  • Stay updated on changes in relevant regulations and standards that may impact the organization's operations and ensure timely adjustments to compliance procedures.
  • Work closely with ADNOC HQ/Group Digital to develop, enhance, and maintain compliance programs, policies, procedures, and guidelines that align with industry leading practices and regulatory requirements.
  • Implement and utilize relevant compliance monitoring tools and technology to automate compliance checks, streamline reporting, and enhance the efficiency of compliance monitoring processes.
  • Monitor compliance of third-party vendors, suppliers, and partners to ensure they meet the organization's relevant standards and regulatory requirements.
  • Develop and maintain a relevant due diligence process for onboarding and monitoring third-party relationships.
  • Track Cybersecurity controls implementation in liaison with local functions, Shared Services and Group Digital, along with their evidence.
  • Conduct OT cybersecurity compliance reviews.
Monitoring Key Risk Indicators (KRIs):
  • Identify and track key risk indicators (KRIs) that are relevant to compliance and can serve as early warning signs for potential compliance issues.
  • Develop a system for relevant regular KRI reporting and analysis and initiate appropriate actions in response to deviations from expected compliance levels.
Security and compliance training and awareness:
  • Organize and facilitate compliance training programs and awareness campaigns for employees, contractors, and relevant stakeholders to promote a culture of relevant compliance.
  • Ensure employees understand their relevant compliance responsibilities and obligations.
  • Conduct awareness sessions for users on all aspects of cybersecurity and information asset protection.
  • Support the design and provision of awareness and training content.
  • Analyse the effectiveness of the awareness and training delivered.
Incident reporting and response:
  • Support the relevant process for reporting and following up on compliance violations, incidents, or breaches.
  • Implement incident response plans to address relevant compliance violations promptly and effectively, ensuring proper documentation and corrective actions.
  • Work closely with and support the SOC, VMS and Red teams in handling and following up on reported incidents.
Regulatory liaison:
  • Where necessary, maintain positive relationships with regulatory authorities and external bodies, ensuring or supporting timely and accurate submission of required compliance documents and information.
Compliance culture advocacy:
  • Act as an advocate for a strong compliance culture within the organization, emphasizing the importance of ethical conduct, integrity, and adherence to compliance standards at all levels of the organization.
Projects and KPI Management:
  • Manage and track relevant projects in liaison with local functions, Shared Services and Group Digital.
  • Communicate, support and coordinate with stakeholders during relevant Group Digital cybersecurity project activities.
  • Engage in relevant scoping, technical evaluation and call off orders.
  • Plan, supervise and coordinate relevant activities to meet functional and group objectives and KPIs.
Business Continuity Management:
  • Prepare the relevant annual DR drill plan and demands for Digital Business Continuity Management in liaison with local functions, Shared Services and Group Digital.
  • Work closely with local functions, Group Digital and Shared Services to identify the potential impacts of various disruptions, incidents and disaster scenarios and contribute recommendations.
QUALIFICATIONS, EXPERIENCE, KNOWLEDGE & SKILLS:

Minimum Qualification
  • Bachelor's degree in computer science, engineering, information security or equivalent
Minimum Experience, Knowledge & Skills
  • 10 years of experience in IT/OT risk management, security governance and audit projects
  • Proven capability in international standards such as ISO 27001, ISA/IEC 62443, CSA, COBIT, CIS, NIST and other cybersecurity standards
  • Certification in at least one of the following: CGEIT, CISSP, GICSP, CCSK, CISA+CISM
  • Good technical competencies and exposure to IT/OT application or infrastructure development, support, and management of PLC, DCS and SCADA systems.

ADNOC


Job Detail

  • Job Id
    JD1766027
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Abu Dhabi, United Arab Emirates
  • Education
    Not mentioned