Senior IT Security Risk & Compliance Analyst – Sumaco Manpower in Abu Dhabi
Maintain and implement the Information Security Management System and IT Risk Management initiatives across the IT infrastructure, and monitor corporate-wide compliance with IT security policies, procedures and guidelines to ensure the effectiveness of the company's Information Security and Risk Management Program.

Principal Accountabilities:
• Implement approved section policies, processes, systems, standards and procedures in order to support execution of the section's work programs in line with the company and international standards
• Comply with all applicable legislation and legal regulations
• Provide input for preparation of the IT Information Security Department budget and assist in the implementation of the approved budgets and work plans to deliver Section Objectives
• Investigate/highlight any significant variances to support effective performance and cost control
• Participate in the preparation of the Section's budget in order to provide justification of budget requests through the development of business cases
• Contribute to the achievement of the approved Performance Objectives for the Section in line with the company Performance Framework
• Monitor the implementation of performance objectives for the IT Information Security Department based on single point accountabilities, as well as establish monitoring mechanisms in order to ensure that these objectives are delivered
• Design and implement new tools and techniques to improve the quality and efficiency of operational processes
• Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with ISO standards in order to define intelligent solutions for issues confronting the function
• Monitor the performance of the Risk and Compliance Program and related activities on a continuing basis in order to take appropriate steps to improve its effectiveness
• Study and evaluate frequently reported problems to proactively take necessary actions to prevent them in the future
• Observe and evaluate new technology to keep improving the Company IT Security infrastructure framework and proactively protect the company against new threats and risks
• Comply with relevant HSE policies, procedures, and controls and applicable legislation and sustainability guidelines in line with international standards, best practice and ADNOC Code of Practices
• Provide recommendations and assist in implementation of changes in work practices and procedures to make them more effective
• Strengthen security measures to ensure company HSE policy is applied in all aspects of work
• Identify any potential areas of compliance vulnerability and risk in order to implement corrective action plans for resolution of problematic issues, and provide general guidance on measures to avoid or deal with similar situations in the future
• Perform risk assessment on the risks that could seriously impact IT services across the enterprise IT infrastructure against the ISO 27001 standards and recommend the appropriate controls and risk plans and programs to mitigate the risk
• Monitor and identify any new technology risk or threat and take proactive measures to protect company computing and networking environments
• Supervise and participate in the conduct of penetration testing to assess the vulnerabilities and weaknesses in the systems

Minimum Requirements:
• Bachelor's degree in Information Technology or Computer Science or a Diploma in a relevant field
• A recognized information security related certification such as CISSP, CISM, CCNP
• 8 or more years of relevant experience in IT security risk and compliance within a large industrial organization, preferably in oil and gas
• Experience in ISO 27001 project implementation or in-depth understanding of the ISO 27001 standard and its requirements
• Sound knowledge of industry standards and frameworks like COBIT, ITIL, etc., and hands-on experience in security appliances, endpoint security, gateway and application
• Experience in configuring security standards on scalable networks, with sound technical knowledge of UNIX, Windows operating systems, routers, switches, firewalls, proxy and latest technology
• Ensure to security aspect of industrial control system and its terminologies
• Generic ability to write and document IT-related policies and procedures
• Good interpersonal and presentation skill set

– Source from NaurikiGulf UAE