Job Description
JOB PURPOSE:
Formulate and implement a forward-thinking strategic risk management framework that aligns with the organization's long-term objectives, including identifying, assessing and mitigating strategic risks to safeguard the organization's reputation, financial stability and sustainable growth.
KEY ACCOUNTABILITIES:
Risk Assessment
- Conduct risk assessments across the organization's Digital/OT cybersecurity estate, identifying and evaluating IT/OT risks and vulnerabilities that could affect the organization's strategic objectives, financial stability and overall performance.
- Model hypothetical scenarios that could pose significant risk to the organization and develop strategies to mitigate them.
- Assess risks accurately and provide actionable recommendations that help the organization make informed decisions and interventions.
- Collect evidence of the implementation of relevant risk controls.
Strategic risk management framework
- Implement a strategic risk management framework to address identified risks in a systematic and proactive manner, aligning risk mitigation strategies with the organization's long-term goals.
- Prepare the annual plan and resource demands for IT/OT risk management and compliance.
- Report on Digital/OT cybersecurity risks, compliance actions and treatment plans.
- Work closely with and support the ERM team in managing risks and their controls in the ERM register.
- Perform the role of Risk Champion for the Digital Division as part of Corporate and Group ERM processes.
- Set up and manage governance structures for the risk profile and cybersecurity scorecards.
- Manage risk reporting and communication at all levels of the Group Company and HQ.
Compliance monitoring
- Monitor and assess compliance with relevant laws, regulations, and industry standards. Develop and maintain a compliance framework that aligns with leading practices.
- Stay updated on changes in relevant regulations and standards that may impact the organization’s operations and ensure timely adjustments to compliance procedures.
- Work closely with ADNOC HQ/Group Digital to develop, enhance, and maintain compliance programs, policies, procedures, and guidelines that align with industry leading practices and regulatory requirements.
- Implement and utilize relevant compliance monitoring tools and technology to automate compliance checks, streamline reporting, and enhance the efficiency of compliance monitoring processes.
- Monitor the compliance of third-party vendors, suppliers and partners to ensure they meet the organization's standards and regulatory requirements.
- Develop and maintain a due diligence process for onboarding and monitoring third-party relationships.
- Track the implementation of cybersecurity controls, and the supporting evidence, in liaison with local functions, Shared Services and Group Digital.
- Conduct OT cybersecurity compliance reviews.
Monitoring Key Risk Indicators (KRIs):
- Identify and track key risk indicators (KRIs) that are relevant to compliance and can serve as early warning signs for potential compliance issues.
- Develop a system for regular KRI reporting and analysis, and initiate appropriate actions in response to deviations from expected compliance levels.
Security and compliance training and awareness:
- Organize and facilitate compliance training programs and awareness campaigns for employees, contractors and relevant stakeholders to promote a culture of compliance.
- Ensure employees understand their compliance responsibilities and obligations.
- Conduct awareness sessions for users on all aspects of cybersecurity and information asset protection.
- Support the design and delivery of awareness and training content.
- Analyse the effectiveness of delivered awareness and training.
Incident reporting and response:
- Support the process for reporting and following up compliance violations, incidents or breaches.
- Implement incident response plans to address compliance violations promptly and effectively, ensuring proper documentation and corrective actions.
- Work closely with and support the SOC, VMS and Red teams in handling and following up reported incidents.
Regulatory liaison:
- Where necessary, maintain positive relationships with regulatory authorities and external bodies, ensuring or supporting the timely and accurate submission of required compliance documents and information.
Compliance culture advocacy:
- Act as an advocate for a strong compliance culture within the organization, emphasizing the importance of ethical conduct, integrity, and adherence to compliance standards at all levels of the organization.
Projects and KPI Management:
- Manage and track relevant projects in liaison with local functions, Shared Services and Group Digital.
- Communicate, support and coordinate with stakeholders during Group Digital cybersecurity project activities.
- Engage in scoping, technical evaluation and call-off orders.
- Plan, supervise and coordinate relevant activities to meet functional and group objectives and KPIs.
Business Continuity Management:
- Prepare the annual DR drill plan and resource demands for Digital Business Continuity Management in liaison with local functions, Shared Services and Group Digital.
- Work closely with local functions, Group Digital and Shared Services to identify the potential impacts of various disruptions, incidents and disaster scenarios, and contribute recommendations.
QUALIFICATIONS, EXPERIENCE, KNOWLEDGE & SKILLS:
Minimum Qualification
- Bachelor’s degree in computer science, engineering, information security or equivalent
Minimum Experience, Knowledge & Skills
- 10 years of experience in IT/OT risk management, security governance and audit projects
- Proven capability in international standards such as ISO 27001, ISA/IEC 62443, CSA, COBIT, CIS, NIST and other cybersecurity standards
- Certification in at least one of the following: CGEIT, CISSP, GICSP, CCSK, or CISA together with CISM
- Good technical competencies and exposure to IT/OT application or infrastructure development, support and management, including PLC, DCS and SCADA systems