Engineer Tester and COMMI
2 days ago
Alfanar Yanbu, Saudi Arabia
Engineer Tester and COMMI - Yanbu, Saudi Arabia - Alfanar
Description
RESPONSIBILITIES
Responsible for ongoing development and governance of policies and procedures relating to IT and IS Risk management.
Ensure that all internal, external, services and regulatory Information Security (IS) audits are passed.
Confirm and maintain security policy documentation.
Engage with management to ensure support for the IS program.
Coordinate with vendors, auditors, and other departments to enhance IS.
Design, develop and manage a program for IS awareness.
Review Business Requirement Documents (BRDs) from IT Compliance and information security perspectives and provide input at the early stages.
Conduct periodic technical vulnerability assessment and penetration testing or as and when requested by business system owners.
Integrate IS requirements into organisation processes, e.g., change control, mergers and acquisitions, and lifecycle activities.
Consult and/or develop remediation plans across all operational areas of IT (i.e., Security, Disaster Recovery, Change Management, IT Operations, etc.).
Conduct Risk Assessment of all new applications and publish Residual Risk Report (as per Risk Management framework) to Project Owner prior to go-live.
Perform any other tasks given by the line manager or senior management.
Compliance and adherence to the HR laws, Confidentiality policies and other policies applicable.
PREFERRED SKILLS
Good communication and presentation skills.
Ability to understand complex business processes and activities.
Flexible work approach based on the job requirements.
Ability to self-organize time and meet deadlines.
QUALIFICATIONS
Bachelor's degree in information security, information technology or related technical discipline.
Certification in CISA, CIPP, CEH, CISM, CISSP, 27001 Lead Implementer etc. is an added advantage.
Experience in the Implementation of Management Systems, Risk Assessment, Information Classification, Security Awareness, and Compliance.
Expertise in one or more of the following areas: Security Governance, Incident Response, Security Operations, Threat Intel, Cloud Security, Architecture, Data Protection, Network Security, Endpoint Security, IAM.
Experience in being involved in implementation and skills in at least 2 of the following standards: ISO/IEC 27001, ISO 22301, PCI-DSS, ISO/IEC 20000-1, UAE(IA), ISR.
Understanding the information security concepts and the implementation requirements of Management Systems, Risk Assessment, Data protection & Security Awareness.
ADDITIONAL NOTES
Experience required in the field - Minimum 5 years of experience out of which 3 years should be in Information Security.
Remote Work: No