Specialist, Risk & Compliance (IT Sec.)

ADNOC Group


Date: 3 hours ago
City: Abu Dhabi
Contract type: Full time
JOB PURPOSE:

Formulate and implement a forward-thinking strategic risk management framework that aligns with the organization's long-term objectives including identifying, assessing, and mitigating strategic risks to safeguard the organization's reputation, financial stability, and sustainable growth.

KEY ACCOUNTABILITIES:

Risk Assessment:

  • Conduct risk assessments across the organization's Digital/OT cybersecurity, including identifying and evaluating potential IT/OT risks and vulnerabilities that could impact the organization's strategic objectives, financial stability, and overall performance.
  • Model hypothetical scenarios that could pose significant risks to the organization and develop strategies to mitigate these risks.
  • Assess risks accurately and provide actionable recommendations to help the organization make informed choices and interventions.
  • Collect evidence for the implementation of relevant risk controls.

Strategic risk management framework:

  • Implement a strategic risk management framework to address identified risks in a systematic and proactive manner, aligning risk mitigation strategies with the organization's long-term goals.
  • Prepare the annual plan and demands for relevant IT/OT Risk Management and compliance.
  • Report on Digital/OT Cybersecurity risks, compliance actions, and treatment plans.
  • Work closely with and support the ERM team in managing risks and their controls in the ERM register.
  • Perform the role of Risk Champion for the Digital Division as part of Corporate and Group ERM processes.
  • Set up and manage governance structures for the risk profile and cybersecurity scorecards.
  • Manage risk reporting and communication at Group Company and HQ levels.

Compliance monitoring:

  • Monitor and assess compliance with relevant laws, regulations, and industry standards. Develop and maintain a compliance framework that aligns with leading practices.
  • Stay updated on changes in relevant regulations and standards that may impact the organization’s operations and ensure timely adjustments to compliance procedures.
  • Work closely with ADNOC HQ/Group Digital to develop, enhance, and maintain compliance programs, policies, procedures, and guidelines that align with industry leading practices and regulatory requirements.
  • Implement and utilize relevant compliance monitoring tools and technology to automate compliance checks, streamline reporting, and enhance the efficiency of compliance monitoring processes.
  • Monitor compliance of third-party vendors, suppliers, and partners to ensure they meet the organization's relevant standards and regulatory requirements.
  • Develop and maintain a relevant due diligence process for onboarding and monitoring third-party relationships.
  • Track Cybersecurity controls implementation in liaison with local functions, Shared Services and Group Digital, along with their evidence.
  • Conduct OT Cybersecurity compliance review.

Monitoring Key Risk Indicators (KRIs):

  • Identify and track key risk indicators (KRIs) that are relevant to compliance and can serve as early warning signs for potential compliance issues.
  • Develop a system for relevant regular KRI reporting and analysis and initiate appropriate actions in response to deviations from expected compliance levels.

Security and compliance training and awareness:

  • Organize and facilitate compliance training programs and awareness campaigns for employees, contractors, and relevant stakeholders to promote a culture of relevant compliance.
  • Ensure employees understand their relevant compliance responsibilities and obligations.
  • Conduct awareness sessions for users in any aspects of Cybersecurity and Information Assets Protection.
  • Support in design and provision of different awareness / training contents.
  • Analyse effectiveness of provisioned awareness / trainings.

Incident reporting and response:

  • Support the relevant process for reporting and following up on compliance violations, incidents, or breaches.
  • Implement incident response plans to address relevant compliance violations promptly and effectively, ensuring proper documentation and corrective actions.
  • Work closely with and support the SOC, VMS and Red teams in handling and following up on reported incidents.

Regulatory liaison:

  • Where necessary, maintain positive relationships with regulatory authorities and external bodies, ensuring or supporting timely and accurate submission of required compliance documents and information.

Compliance culture advocacy:

  • Act as an advocate for a strong compliance culture within the organization, emphasizing the importance of ethical conduct, integrity, and adherence to compliance standards at all levels of the organization.

Projects and KPI Management:

  • Manage and track relevant projects in liaison with local functions, Shared Services and Group Digital.
  • Communicate, support and coordinate with stakeholders during relevant Group Digital Cybersecurity project activities.
  • Engage in relevant scoping, technical evaluation and call off orders.
  • Plan, supervise and coordinate relevant activities to meet functional and group objectives and KPIs.

Business Continuity Management:

  • Prepare relevant annual DR Drill plan and demands for Digital Business Continuity Management in liaison with local functions, Shared Services and Group Digital.
  • Work closely with local functions, Group Digital and Shared Services to identify relevant potential impacts of various disruptions / incidents and disaster scenarios and contribute to making recommendations.

QUALIFICATIONS, EXPERIENCE, KNOWLEDGE & SKILLS:

Minimum Qualification

  • Bachelor’s degree in computer science, engineering, information security or equivalent

Minimum Experience & Knowledge & Skills

  • 10 years of experience in IT/OT risk management, security governance, audit projects
  • Proven capability in International Standards such as ISO 27001, ISA/IEC 62443, CSA, COBIT, CIS, Cybersecurity Standards, NIST, etc.
  • Certification in at least one of the following: CGEIT, CISSP, GICSP, CCSK, CISA+CISM
  • Good technical competencies and exposure to IT/OT application or infrastructure development, support, and management of PLC, DCS, SCADA systems.

