Lead, Cybersecurity

Job title: Lead, Cybersecurity

Company: OQ


Job description: Job titleLead , CybersecurityGradeStreamICTFunctionICT – Outsource Service ManagementLocationOman (Muscat – Duqm)Budget control*OPEX and/or CAPEX and/or Revenue amount as relevant*Reporting toManager Outsource Service ManagementDirect reports0Job purposeLead the execution of Cybersecurity programs at OQ8, under delegated authority of Manager Outsource Service Management, as owner of Cybersecurity standards & solutions, through: (1) Lead the maintenance of security of networks and data and keep tabs on the systems employed by OQ8, reporting any issue(s) to management, (2) Lead the Cybersecurity Policies and Standards (IT/OT), (2) Support the cyber security management process by assessing the adequacy of risk management, information security and business continuity / disaster recovery controls of the company, and (3) Lead the Cybersecurity Governance; in order to support Information Management & digital Transformation at OQ and PT&C stream to ensure the continuity and efficiency of the business.The position will act in accordance with the OQ8’s Mission, Vision, Values & Strategies, as well as, policies, guidelines and standards, supported by an IT Technology platform, HSE standards, Omani’s government & other legal justification’s, and best international practices in consonance with national objectivesMain tasks and responsibilities

• Responsible for the assessing and documenting of the company’s compliance and risk posture as they relate to its information assets.
• Conduct and/or participate in Information Security Control assessments
• Author information security specifications. Supports the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified, quantified and monitored.
• Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company’s information and technology systems
• Authors or updates GRC Operational Procedures associated with Information Security Assessment support the Operations associated with Information Security Awareness Program
• Supports GRC Privacy assessments responsibilities
• Ensures implementation of risk management processes associated with project or control implementations
• Participate in GRC projects associated with Cyber Security controls or Cyber Security Operations
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Participate \ develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors.
• General Risk Management Responsibilities: Has good knowledge of applicable risk management practices required to create a culture of risk management compliance for his or her group or department.
• Exhibits best practice risk management skills through effective compliance, IT security controls and improvement of risk management processes.
• Maintains excellent communication with various stakeholders and relevant authorities to ensure alignment with instructions, laws and regulations
• Reviews IT risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations.
• Provides subject matter expertise in the area of cyber risk controls requirements
• Provides specialist cyber risk expertise to support IT projects and operational teams
• Maintains and tracks function risk register, progress to ensure closing and\or mitigation of identified risks.
• Liaises with different IT operational teams and business units on their assessment of cyber risks, and the controls
• Participates in security investigations and compliance reviews as requested.
• Prepare reports for senior management and external regulatory bodies as appropriate
• Participate as full member of IT emergency response team, on-call as per rotation
• Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors (state, internal, external) as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the company in its best light. Provide guidance, evaluation and advocacy on audit responses.
• Provide policies, processes and oversight that defines the structure by which the organization security needs and controls are directed and managed
• Effectively address and mitigate risks that can hinder the organization’s operations
• Ensure the organization security policies are compliant with all the relevant international and local regulations
• Manage the security of industrial control and automation systems devices, processes and events
• Define and maintain a framework to enable the entity´s ability to deliver functionality and outcomes continuously when facing a Cyber event
• Monitor and analyze cyber security controls deployed in the IT infrastructure, and proactively forecast and respond to impending Cyber threats or attacks
• Oversee the successful roll-out of cybersecurity projects

Key interactionsInternal: CSS – All OMT / non OMT functionsExternal: Staffing specialized Contractors, Vendors & SuppliersNotable Working Conditions. Office environment, intensive computer screen use, sporadic visits to operation site.Education requirementsMinimum Qualifications for this position is a Bachelor’s degree in information systems, computer science or related disciplines.LanguageExcellent knowledge of written, read, and spoken English (required)Background and experienceCompetencies and skillsDegreeBachelorYears of Experience10+ years of relevant experience

• Relevant experience in a similar role, in large oil industry.
• Experience in information security, specifically with penetration testing, intrusion detection, incident response or digital forensics
• Strong IT skills including knowledge on hardware, software, networks, data management and applications
• Skills of perception and QA, ability to identify vulnerabilities and overall issues
• Familiar with applicable standards, risk management, business continuity, cyber security
• Experience coordinating complex response activities with IT services department
• Experience working within a global team setting Experience conducting Information Security assessments.
• Experience working with formal control frameworks such as those published by NIST, ISO or PCI-DSS.
• Knowledge of information security risk management frameworks and compliance practices.
• Knowledge of securing network technologies, client, and server operating systems.
• Ability to develop security standards and guidelines based on best practices and industry standards
• Experience responding to, analyzing, and communicating information security incidents
• Must be aware of potential well laws and regulations affecting the environment including compliance and privacy, research compliance, state regulations.
• Information security related training or certifications such as CISSP or CRISC
• Audit Certifications preferred CISA or similar.

• Understanding of cyber security process
• Excellent business and technical report writing skills
• Very good knowledge in using PC software.
• Thorough work ethic, attention to detail
• Ability to communicate complex technology solutions to diverse teams namely, technical, business and management teams
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience
• Critical thinking skills, problem solving aptitude

Job Req ID: 56209Date: Jan 8, 2025Location:Muscat, OMEntity: Duqm Refinery & PetrochemBusiness Unit: OQ8Division: People, Technology & CultureCountry/Region: OM

Expected salary:

Location: Muscat

Job date: Fri, 10 Jan 2025 04:06:37 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck