ISG and Business Process

 

 

POSITION DESCRIPTION:

Position Title:

Information Security & Governance Specialist

Reports to:

ICT Manager

Department:

ICT Department

Location:

Duqm / Ras Markaz / Muscat

 

 

JOB PURPOSE:

 

The primary purpose of the role is to lead the strategic management of ICT Governance, Risk, and Compliance (GRC), drive digital transformation, and ensure robust information security practices across the company. This role aligns ICT operations with business objectives, enhances organizational efficiency by designing and implementing innovative digital solutions, and fortifies the company's cybersecurity posture to mitigate risks and ensure business continuity. Through business process reengineering based on agile frameworks and lean principles, and by leveraging cutting-edge technologies like data analytics, robotic process automation, and artificial intelligence, this position aims to deliver optimal ICT service quality, operational resilience, and data-driven decision-making.

 

Description

The ICT GRC and Digital Transformation Specialist is responsible for developing and enforcing ICT governance frameworks, managing risks, and ensuring compliance with regulatory and organizational policies. The role drives digital transformation by optimizing business processes using RPA, AI, and other advanced technologies, implementing data analytics for decision-making, and enhancing operational efficiency. Additionally, it oversees information security practices, including incident management, cybersecurity audits, compliance reporting, and staff training. This role collaborates across departments to deliver innovative ICT solutions, maintain service excellence, and strengthen the company’s cybersecurity and operational resilience.

REPORTING STRUCTURE:

 

 

Number of Staff Supervised

Direct Reports:

0

Total:

0

Key interactions

Internal: HSSE, Operations, Maintenance, Engineering, Finance, Procurement and Contracts, People, Corporate Communication and Facility Management

External: OQ, Internal and External Auditors, Vendors, Service Providers and Regulatory Bodies

Rotating

Education requirements

Master’s degree in Computer Science, Information Security, or a related field (or equivalent experience).

Language requirements

Exceptional proficiency in the English language, including written, verbal, and spoken communication (mandatory).

           

 

 

 

Responsibilities

 

ICT Governance, Risk, and Compliance (GRC) Management

 

  • ICT Governance Frameworks: Develop and enforce ICT governance frameworks to align ICT operations with organizational goals, ensuring compliance with industry standards, regulatory requirements, and internal policies.
  • Policy and Procedure Management: Create, update, and maintain ICT policies, procedures, and standards to ensure robust security, effective data management, and superior service delivery.
  • Strategic Planning: Lead the development of ICT strategies and operational plans, aligning them with business objectives, while monitoring and achieving defined KPIs and SLAs.
  • OT Cybersecurity Governance: Oversee Operational Technology (OT) cybersecurity governance, ensuring compliance with cybersecurity frameworks and clearly defined roles across departments.
  • Cybersecurity Audits: Conduct and support ICT and OT cybersecurity audits, addressing compliance gaps and implementing corrective actions.
  • Business Continuity Management: Lead business continuity management for ICT systems, ensuring readiness to maintain operations during disruptions.
  • Infrastructure Oversight: Oversee ICT infrastructure changes and ensure adherence to governance protocols, focusing on operational efficiency and service quality improvement.
  • Risk Assessment and Mitigation: Conduct risk assessments and implement risk mitigation strategies, managing compliance audits and ensuring continuous alignment with regulatory requirements.
  • Service Agreement Management: Support in negotiating and managing service agreements, ensuring service delivery aligns with SLAs while optimizing resource utilization.
  • Incident Management: Oversee ICT incidents, ensuring timely resolution and root cause analysis to drive continuous improvement.
  • Collaboration and Reporting: Collaborate with cross-functional departments and provide strategic updates to the ICT Manager on performance, risks, and governance issues.

 

Digital Transformation

 

  • Business Process Reengineering: Drive Business Process Reengineering by analyzing, redesigning, and optimizing workflows through innovative digital solutions, including SharePoint, Power Automate, Power BI, Robotic Process Automation (RPA), AI integration, and workflow automation.
  • Data Analytics and Business Intelligence: Leverage Data Analytics and Business Intelligence by implementing advanced tools and platforms to enable data-driven decision-making, creating real-time dashboards, building dashboards in Power BI, and delivering actionable business insight.
  • Digital Transformation Strategy: Design and execute a comprehensive digital transformation strategy with clearly defined projects, timelines, and milestones to align with business objectives.
  • Process and Portal Management: Manage and enhance automated processes and dashboards, and manage content in online portals, to streamline operations and improve efficiency.
  • Agile and Lean Methodologies: Adopt agile frameworks and lean principles to drive organizational efficiency, streamline processes, and foster a culture of continuous improvement and adaptability.

 

Information Security

 

  • Incident Management: Oversee timely incident management and post-incident improvements.
  • Cybersecurity in Digital Transformation: Ensure that the digital transformation initiatives incorporate robust cybersecurity measures, address data privacy, and comply with regulatory standards.
  • Security Compliance Reporting: Prepare and deliver security compliance reports, collaborating with departments like Operations, Maintenance and HSSE to maintain a unified information security strategy.
  • Cross-Functional Support: Provide cross-functional support, including identifying cybersecurity requirements for AMCs, allocating OT cybersecurity responsibilities, updating risk and business continuity registers, and assisting other departments.
  • Staff Training and Awareness: Conduct staff training programs to enhance cybersecurity awareness, promote best practices, and train employees in leveraging implemented digital solutions.
  • Information Security Projects: Oversee and provide support for information security projects, ensuring successful implementation and alignment with organizational goals.

Education requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field (Master’s a plus).
  • Professional certifications (one or more preferred): CISSP, CISM, GCIH, GCIA, GCFE, CEH, OSCP, ISO/IEC 27001 Lead Implementer/Lead Auditor, GICSP/GRID (for OT), or SIEM vendor certifications.
  • Change Management certification/designation (desired).

Language requirements

 

Excellent knowledge of written, read, and spoken English (required). Arabic: native (desirable).

 

QUALIFICATIONS, EXPERIENCE, & SKILLS:

 

  • 5+ years of experience in ICT GRC, digital transformation, and information security roles.
  • Proven expertise in implementing ICT governance frameworks, compliance programs, and risk management strategies.
  • Extensive experience in business process reengineering, workflow automation, and digital solutions like robotic process automation (RPA), artificial intelligence, and advanced data analytics.
  • Strong background in designing and executing digital transformation roadmaps aligned with organizational objectives.
  • Expertise in cybersecurity governance, incident management, compliance auditing, and integrating robust security measures into ICT and OT systems.
  • Experience in conducting cybersecurity awareness programs and implementing security projects.
  • Proven ability to manage cross-functional teams and collaborate with senior stakeholders.
  • Skilled in negotiating and managing service agreements and vendor relationships.

 

A master’s degree in information security, or equivalent, and relevant industry certifications are preferred.

 

  • Expertise in developing and implementing ICT governance frameworks, compliance programs, and risk management strategies.
  • Advanced knowledge of business process reengineering, workflow automation, and digital solutions like robotic process automation, artificial intelligence, and data analytics.
  • Strong skills in risk assessment, mitigation, and compliance auditing for ICT and OT systems.
  • Comprehensive understanding of cybersecurity governance, incident management, data privacy, and regulatory compliance for ICT and OT systems.
  • Proficiency in implementing analytics tools, creating dashboards, and enabling data-driven decision-making.
  • Ability to align ICT operations and digital transformation initiatives with organizational goals.
  • Experience in developing and delivering training programs to enhance organizational cybersecurity awareness.
  • Proven experience managing cross-functional teams and fostering collaboration.
  • Strong interpersonal and communication skills for engaging with senior management and stakeholders.
  • Expertise in negotiating, managing, and evaluating service agreements and vendor performance.
  • Quick decision-making for incident resolution and implementing root cause analysis for continuous improvement.
       

 

 

 

Job Req ID:  56917
Date:  Mar 3, 2026
Location:  Muscat, OM

Entity:  Oman Tank Terminal Co
Business Unit:  OTTCO
Division: 
Country/Region:  OM