JOB PURPOSE:
Formulate and implement a forward-thinking strategic risk management framework that aligns with the organization's long-term objectives, including identifying, assessing, and mitigating strategic risks to safeguard the organization's reputation, financial stability, and sustainable growth.
KEY ACCOUNTABILITIES:
Risk Assessment:
Conduct risk assessments of the organization's Digital/OT cybersecurity, including identifying and evaluating potential IT/OT risks and vulnerabilities that could impact the organization's strategic objectives, financial stability, and overall performance.
Model hypothetical scenarios that could pose significant risks to the organization and develop strategies to mitigate these risks.
Assess risks accurately and provide actionable recommendations to help the organization make informed choices and interventions.
Collect evidence for the implementation of relevant risk controls.
Strategic risk management framework:
Implement a strategic risk management framework to address identified risks in a systematic and proactive manner, aligning risk mitigation strategies with the organization's long-term goals.
Prepare annual plan and demands for relevant IT/OT Risk Management and compliance.
Report on Digital/OT Cybersecurity risks, compliance actions, and treatment plan.
Work closely with and support the ERM team in managing risks and their controls in the ERM register.
Perform the role of Risk Champion for Digital Division as part of Corporate and Group ERM processes.
Set up and manage governance structures to manage the risk profile and cybersecurity scorecards.
Manage risk reporting and communication at Group Company and HQ levels.
Compliance monitoring:
Monitor and assess compliance with relevant laws, regulations, and industry standards. Develop and maintain a compliance framework that aligns with leading practices.
Stay updated on changes in relevant regulations and standards that may impact the organization's operations and ensure timely adjustments to compliance procedures.
Work closely with ADNOC HQ/Group Digital to develop, enhance, and maintain compliance programs, policies, procedures, and guidelines that align with industry leading practices and regulatory requirements.
Implement and utilize relevant compliance monitoring tools and technology to automate compliance checks, streamline reporting, and enhance the efficiency of compliance monitoring processes.
Monitor compliance of third-party vendors, suppliers, and partners to ensure they meet the organization's relevant standards and regulatory requirements.
Develop and maintain a relevant due diligence process for onboarding and monitoring third-party relationships.
Track Cybersecurity controls implementation in liaison with local functions, Shared Services and Group Digital, along with their evidence.
Conduct OT Cybersecurity compliance review.
Monitoring Key Risk Indicators (KRIs):
Identify and track key risk indicators (KRIs) that are relevant to compliance and can serve as early warning signs for potential compliance issues.
Develop a system for relevant regular KRI reporting and analysis and initiate appropriate actions in response to deviations from expected compliance levels.
Security and compliance training and awareness:
Organize and facilitate compliance training programs and awareness campaigns for employees, contractors, and relevant stakeholders to promote a culture of relevant compliance.
Ensure employees understand their relevant compliance responsibilities and obligations.
Conduct awareness sessions for users in any aspects of Cybersecurity and Information Assets Protection.
Support the design and provision of different awareness / training content.
Analyse the effectiveness of delivered awareness / training.
Incident reporting and response:
Support the relevant process for reporting and following up on compliance violations, incidents, or breaches.
Implement incident response plans to address relevant compliance violations promptly and effectively, ensuring proper documentation and corrective actions.
Work closely and support SOC, VMS and Red teams for handling and follow up of reported incidents.
Regulatory liaison:
Where necessary, maintain positive relationships with regulatory authorities and external bodies, ensuring or supporting timely and accurate submission of required compliance documents and information.
Compliance culture advocacy:
Act as an advocate for a strong compliance culture within the organization, emphasizing the importance of ethical conduct, integrity, and adherence to compliance standards at all levels of the organization.
Projects and KPI Management:
Manage and track relevant projects in liaison with local functions, Shared Services and Group Digital.
Communicate, support and coordinate with stakeholders during relevant Group Digital Cybersecurity project activities.
Engage in relevant scoping, technical evaluation and call off orders.
Plan, supervise and coordinate relevant activities to meet functional and group objectives and KPIs.
Business Continuity Management:
Prepare relevant annual DR Drill plan and demands for Digital Business Continuity Management in liaison with local functions, Shared Services and Group Digital.
Work closely with local functions, Group Digital and Shared Services to identify the relevant potential impacts of various disruptions, incidents and disaster scenarios, and contribute to making recommendations.