Information Security Risk Specialist

Recruiter
Location: Saudi Arabia
Salary: Competitive
Posted: 13 Apr 2016
Closes: 21 Nov 2016
Ref: 815545517_3
Sector: Oil and Gas
Contract Type: Permanent
Hours: Full Time
Position Description
Responsible for ensuring that the company's information security risk appetite and tolerance are understood, articulated, and communicated, and that the information security risk to business value due to the use of information technologies is identified and managed.

Minimum Requirements
A bachelor's degree in computer science/engineering, management information systems (MIS), or a related technical degree.
A minimum of 15+ years of IT, security, business-process, and GRC experience (preferably related to information security and information technologies).
A minimum of 8+ years of experience in conducting information security risk assessments.
A minimum of 8+ years of experience in conducting risk-based information security audits.
In-depth knowledge of information security management and practice, and an understanding of privacy and security regulations and standards, e.g., COBIT, NIST, NERC, ISA 99, IEC 61850, and ISO.
In-depth knowledge of information security GRC (governance, risk, compliance) methodologies, tools, and enablers.
Conduct research to keep abreast of latest security issues and stay current on information security technologies, trends, standards, and best practices.

Duties and Responsibilities
The candidate will perform the following activities:
Align the information security risk appetite with the overall corporate risk appetite determined at the board level.
Monitor the company's information security risk profile and risk appetite to achieve optimal balance between business risk and opportunities.
Monitor and optimize the efficiency and effectiveness of the risk management processes.
Ensure proper treatment of reported information security risks by reviewing risk mitigation plans, following up on risk mitigation activities, and escalating non-mitigated risks.
Develop an information security risk management strategy that addresses how the organization intends to assess, respond to, and monitor information security risk.
Verify that planned risk response measures are implemented and that information security requirements derived from, and traceable to, organizational missions and business functions, government legislation, directives, regulations, policies, standards, and guidelines are satisfied.
Articulate and communicate transparently the impact of IS risks on business goals and objectives to corporate management.
Ensure that identified IS risks are maintained within established IS risk appetite and tolerance.
Coordinate, monitor, and report the progress of IS risk remediation activities resulting from oversight and monitoring processes.
Develop and maintain current and complete IS risk profiles for all information systems, including software, devices, and infrastructure.
Coordinate and support the evaluation of the corporate risk to information security.