| Job title | Expert, Cybersecurity & GRC |
| --- | --- |
| Stream | IDS |
| Function | IDS – Digital Application & Cyber Security |
| Location | Oman, Muscat |
| Budget control | *OPEX and/or CAPEX and/or Revenue amount as relevant* |
| Reporting to | Head, Digital Application & Cybersecurity |
| Direct reports | 0 |
Job purpose

Lead the execution of Cybersecurity programs at OQ8, under delegated authority of the Manager Outsource Service Management, as owner of Cybersecurity standards and solutions, through: (1) leading the maintenance of the security of networks and data and keeping tabs on the systems employed by OQ8, reporting any issue(s) to management; (2) leading the Cybersecurity Policies and Standards (IT/OT); (3) supporting the cyber security management process by assessing the adequacy of the company's risk management, information security and business continuity / disaster recovery controls; and (4) leading Cybersecurity Governance; in order to support Information Management & Digital Transformation at OQ and the PT&C stream and ensure the continuity and efficiency of the business.

The position will act in accordance with OQ8's Mission, Vision, Values and Strategies, as well as its policies, guidelines and standards, supported by an IT technology platform, HSE standards, Omani government and other legal requirements, and best international practices in consonance with national objectives.
Main tasks and responsibilities

- Responsible for assessing and documenting the company's compliance and risk posture as they relate to its information assets.
- Conduct and/or participate in Information Security Control assessments.
- Author information security specifications. Support the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified, quantified and monitored.
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company's information and technology systems.
- Author or update GRC Operational Procedures associated with Information Security Assessment; support the operations associated with the Information Security Awareness Program.
- Support GRC privacy assessment responsibilities.
- Ensure implementation of risk management processes associated with project or control implementations.
- Participate in GRC projects associated with Cyber Security controls or Cyber Security Operations.
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Participate in, develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute the strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors.
- General Risk Management Responsibilities: Has good knowledge of applicable risk management practices required to create a
- Review IT risk assessments, analyse the effectiveness of information security control activities, and report on them with actionable recommendations.
- Provide subject matter expertise in the area of cyber risk control requirements.
- Provide specialist cyber risk expertise to support IT projects and operational teams.
- Prepare reports for senior management and external regulatory bodies as appropriate.
- Participate as a full member of the IT emergency response team, on-call as per rotation.
- Coordinate and track all information technology and security related audits, including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors (state, internal, external) as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the company in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Provide policies, processes and oversight that define the structure by which the organization's security needs and controls are directed and managed.
- Manage the security of industrial control and automation system devices, processes and events.
- Manage the development of cyber security roadmaps and security strategies.
- Define and maintain a framework to enable the entity's ability to deliver functionality and outcomes continuously when facing a cyber event.
- Monitor and analyze cyber security controls deployed in the IT infrastructure, and proactively forecast and respond to impending cyber threats or attacks.
- Manage cyber security budget planning and monitoring.
- Business continuity and disaster recovery planning / implementation.
- Managed service oversight / vendor management.
- Oversee the successful roll-out of cybersecurity projects.
Education requirements

The minimum qualification for this position is a Bachelor of Science degree in Computer Science, Computer Engineering or Cyber Security.

Language

Excellent knowledge of written, read, and spoken English (required).

Years of experience

Minimum 10 years of relevant experience.

Certificates

CISSP preferred.

Background and experience

- Relevant experience in a similar role in a large energy-industry organisation.
- Experience in information security, specifically with penetration testing, intrusion detection, incident response or digital forensics.
- Experience and exposure to operational technology / industrial control systems, including SCADA, process control networks, or industrial cybersecurity frameworks.
- Strong IT skills, including knowledge of hardware, software, networks, data management and applications.
- Hands-on experience with security technologies such as firewalls, EDR/XDR, SIEM, email security, DLP, MFA and privileged access management.
- Familiarity with Microsoft environments such as MS 365, Azure / Entra ID, Windows Server, Active Directory and endpoint security.
- Experience with third-party/vendor security reviews and contract security requirements.
- Experience in awareness and training programs, including phishing simulations and user awareness initiatives.

Competencies and skills

- Understanding of cyber security processes.
- Excellent business and technical report writing skills.
- Very good knowledge of PC software.
- Thorough work ethic and attention to detail.
- Ability to communicate complex technology solutions to diverse teams, namely technical, business and management teams.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Critical thinking skills and problem-solving aptitude.