Company: Saudi Aramco (ASC)
Experience: 8 + Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Saudi Arabia
In order to apply for this position, applicants MUST meet the following criteria. If your resume
does not match these criteria, you will not be able to apply for this position.
Req Number: 17349BR
We are seeking a Cybersecurity Architect to join the IT Cybersecurity GRC Division of Information Technology.
The IT Cybersecurity GRC Division is responsible for performing governance, risk, and compliance duties within the Information Technology Admin Area. Such roles include: developing cybersecurity strategies, developing and maintain cybersecurity architecture, developing and maintaining the cybersecurity technology road map, conducting risk assessments, identifying proper controls to mitigate the risks, managing the risk register, developing cybersecurity standards, developing and managing security metrics, and conducting compliance assessments.
The IT Cybersecurity Architect is a senior role expected to be able to perform the tasks of developing cybersecurity strategy, architecture, and the technology road map. In addition, you must be able to conduct technical risk assessments, and evaluate and recommend proper mitigation controls. You are expected to liaise with management at various levels to present the status on cybersecurity risks. In addition, you should be able to mentor other junior employees in the field.
As the successful candidate you should hold a bachelor's degree in Computer Science, Management of Information System (MIS), or Bachelor in Information Technology, from a recognized and approved program. An advanced degree is preferred.
You should have 8-10 years of working experience in different domains in the field of cybersecurity, at least five of which are as a cybersecurity architect.
You should be well-versed in Enterprise Security Architecture framework such as SABSA, and Risk Management frameworks such as ISACA Risk IT, ISO 27005, or others.
You should have a solid technical background in networking, network security, virtualization technologies, and network segmentation (such as SDN or NFV). Having experience in penetration testing and vulnerability assessment is a plus.
You will have excellent communication and presentation skills to be able to present and communicate to management at various level the status of cybersecurity risks and compliance.
In addition, you should have very effective technical writing skills to be able to develop the cybersecurity technology road map and risk assessments reports.
At least one of the following industry-leading certificate is required: SABSA Chartered Security Architect (SCF or above), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), or GIAC Certified in Strategic Planning, Policy & Leadership (GSTRT). Having more than one of the mentioned certifications is a plus.
Duties & Responsibilities:
You will be required to perform the following:
Define, develop, and maintain cybersecurity strategies
Define, develop, and maintain the cybersecurity technology road map
Define, develop, and maintain cybersecurity architecture
Conduct technical risk assessments for IT
Identify cybersecurity controls to mitigate identified risks in the IT Risk Register
Maintain an organization-wide Risk Register and Risk Database for IT
The Engineering & Project Management (E&PM) business line studies, plans and oversees the construction of the Company's new facilities, including some of the biggest and most complex projects in the petroleum industry. Recently, Saudi Aramco completed the largest capital program in its history that included new or expanded oil, gas and petrochemical facilities, raising maximum sustainable crude oil production capacity to 12 million barrels per day and significantly increasing gas production and processing capacities. Among the recently completed projects was the largest crude oil increment in the history of the industry: Khurais, with a production capacity of 1.2 million barrels per day. More challenges lie ahead, with a slate of new or expanded oil, gas, refining and petrochemical projects in the works. E&PM also manages the Company's Research & Development Center where scientists investigate topics such as the desulfurization of crude oil, advanced fuel formulations for next generation combustion engines, and reservoir nano-scale robots (Resbots™) for injection into reservoirs to record their properties.