Specialist, Risk & Compliance (IT Sec.)
Job Id 2552 Category Other United Arab Emirates 11/28/2024
JOB PURPOSE: Implement a strategic risk management framework to address identified risks in a systematic and proactive manner, aligning risk mitigation strategies with the organization's long-term goals.
Prepare the annual plan and demands for relevant IT/OT risk management and compliance. Report on Digital/OT cybersecurity risks, compliance actions, and treatment plans. Work closely with and support the ERM team in managing risks and their controls in the ERM register. Perform the role of Risk Champion for the Digital Division as part of Corporate and Group ERM processes. Set up and manage governance structures to manage the risk profile and cybersecurity scorecards. Manage risk reporting and communication at levels in Group Company and HQ.
Monitor and assess compliance with relevant laws, regulations, and industry standards. Develop and maintain a compliance framework that aligns with leading practices. Stay updated on changes in relevant regulations and standards that may impact the organization's operations, and ensure timely adjustments to compliance procedures. Work closely with ADNOC HQ/Group Digital to develop, enhance, and maintain compliance programs, policies, procedures, and guidelines that align with industry-leading practices and regulatory requirements. Implement and use relevant compliance monitoring tools and technology to automate compliance checks, streamline reporting, and make compliance monitoring processes more efficient.
Monitor compliance of third-party vendors, suppliers, and partners to ensure they meet the organization's relevant standards and regulatory requirements. Develop and maintain a relevant due diligence process for onboarding and monitoring third-party relationships. Track the implementation of cybersecurity controls, along with their evidence, in liaison with local functions, Shared Services, and Group Digital. Conduct OT cybersecurity compliance reviews.
Organize and facilitate compliance training programs and awareness campaigns for employees, contractors, and relevant stakeholders to promote a culture of relevant compliance. Ensure employees understand their relevant compliance responsibilities and obligations. Conduct awareness sessions for users on any aspect of cybersecurity and information asset protection. Support the design and provision of awareness and training content. Analyse the effectiveness of the awareness sessions and training provided.
10 years of experience in IT/OT risk management, security governance, and audit projects. Proven capability in international standards such as ISO 27001, ISA/IEC 62443, CSA, COBIT, CIS, Cybersecurity Standards, NIST, etc. Certification in at least one of the following: CGEIT, CISSP, GICSP, CCSK, CISA+CISM. Good technical competencies and exposure to IT/OT application or infrastructure development, support, and management of PLC, DCS, and SCADA systems.
Location: Abu Dhabi, United Arab Emirates