Company: Saudi Aramco
Skills: IT - Analysis & Management, IT - Programming & Database, Architect
Experience: 8 + Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Dhahran, Eastern Province, Saudi Arabia
No location/work authorization restrictions found.


Position Description

We are seeking a Cybersecurity Architect to join the IT Cybersecurity GRC Division of Information Technology.

The IT Cybersecurity GRC Division is responsible for performing governance, risk, and compliance duties within the Information Technology Admin Area. Such roles include: developing cybersecurity strategies, developing and maintain cybersecurity architecture, developing and maintaining the cybersecurity technology road map, conducting risk assessments, identifying proper controls to mitigate the risks, managing the risk register, developing cybersecurity standards, developing and managing security metrics, and conducting compliance assessments.

The IT Cybersecurity Architect is a senior role expected to be able to perform the tasks of developing cybersecurity strategy, architecture, and the technology road map. In addition, you must be able to conduct technical risk assessments, and evaluate and recommend proper mitigation controls. You are expected to liaise with management at various levels to present the status on cybersecurity risks. In addition, you should be able to mentor other junior employees in the field.
Minimum Requirements

As the successful candidate you should hold a bachelor's degree in Computer Science, Management of Information System (MIS), or Bachelor in Information Technology, from a recognized and approved program. An advanced degree is preferred.

You should have 8-10 years of working experience in different domains in the field of cybersecurity, at least five of which are as a cybersecurity architect.

You should be well-versed in Enterprise Security Architecture framework such as SABSA, and Risk Management frameworks such as ISACA Risk IT, ISO 27005, or others.

You should have a solid technical background in networking, network security, virtualization technologies, and network segmentation (such as SDN or NFV). Having experience in penetration testing and vulnerability assessment is a plus.

You will have excellent communication and presentation skills to be able to present and communicate to management at various level the status of cybersecurity risks and compliance.

In addition, you should have very effective technical writing skills to be able to develop the cybersecurity technology road map and risk assessments reports.

At least one of the following industry-leading certificate is required: SABSA Chartered Security Architect (SCF or above), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), or GIAC Certified in Strategic Planning, Policy & Leadership (GSTRT). Having more than one of the mentioned certifications is a plus.
Duties and Responsibilities

You will be required to perform the following:

Define, develop, and maintain cybersecurity strategies

Define, develop, and maintain the cybersecurity technology road map

Define, develop, and maintain cybersecurity architecture

Conduct technical risk assessments for IT

Identify cybersecurity controls to mitigate identified risks in the IT Risk Register

Maintain an organization-wide Risk Register and Risk Database for IT