Primary Purpose of the Job: |
- Manage the implementation, operation and maintenance, and continual improvement of the Information Security Management System.
- Define, establish and maintain cyber and information security compliance, incident management methodologies and processes.
- Leads the preparation and implementation of necessary information security policies, standards, procedures and guidelines in conjunction with adopted Information Security Management System and business requirements.
- Lead, manage, and guide the design and operation of related compliance monitoring and improvement activities to ensure adherence to internal security policies and applicable national laws and regulations.
- Report business units' information security compliance and information security governance KPIs to information security management at regular intervals and communicate non-compliance practices.
- Develop, maintain, and align Information security strategy and implementation to business strategy and objectives by maintaining information security roadmap for both corporate and critical operations.
- Analyze Information security costs, benefits, strategy, policies and service levels.
- Liaise with all Departments and Directorates to guarantee cyber and information security practices are adhered and performed.
- Ensure organizational cyber and information security compliance objectives are achieved.
- Develop, maintain, and improve cyber and information security incident management process.
Experience & Skills:
- Bachelor degree in Information Security, Computer Science, or Systems Engineering.
- Professional certifications in Information Security management and standards compliance (ISO27001 Lead Auditor/Implementer).
- CISSP, CISM Certifications are mandatory.
Please note that only those applicants selected for interviews will be contacted.
- Preferably 15 years of relevant professional experience; with 7 years in a managerial role in a large enterprise.
- Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas.
- Experience with and understanding of customized information security management systems.
- Knowledge of information security capabilities and requirements analysis.
- Knowledge of relevant state laws, industry regulations, and security standards.
- Excellent interpersonal coordination, negotiation, and expectation management skills.
- Excellent written and verbal business communication skills.