Skills: IT - Analysis & Management
Experience: 12+ Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Dhahran, Eastern Province, Saudi Arabia
Saudi Aramco's dependence on information technology to support business functions introduces new challenges and responsibilities, making it vital to understand and secure all aspects of organizational information assets. The ISA function is of critical importance for information security across Saudi Aramco. Information Security Analysts (ISAs) control information assets and are Saudi Aramco's first line of defense.
This role is responsible for implementing Investor Relations' (IR) Data Protection Program, conducting risk assessments, identifying risks, and overseeing the implementation of proper information security controls to protect information assets, as well as leading information security projects and initiatives and enforcing compliance with information security policies. The ISA will also act as a senior representative on all information security-related activities, and will need to establish networking relationships with internal and external affiliates to share best practices.
Bachelor's in Computer Science, Computer Engineering, Management Information Systems, Information Technology, Information Assurance, Information Security or a related degree. Relevant professional certifications such as Certified Information Security Manager (CISM), ISO27001 Master in Information Security, and/or Certified Risk and Information Security Control (CRISC) are preferred.
12+ years' computer systems analysis experience, at least five of which must include information security.
Excellent communication skills.
Duties and Responsibilities
Develop, manage, and update the IR Data Protection program, ensuring compliance with the company's information security policies, standards and guidelines.
Identify, classify, and establish an inventory of IR's information assets.
Ensure that effective controls are implemented to eliminate or minimize the impact and probability of the risks associated with information assets.
Coordinate and execute IT security projects as directed.
Enforce and administer Access Control best practices, such as least privilege, need to know, limited time access, SAP role certification, and use of Active Directory and HR Security groups, to safeguard the information and computing resources of Saudi Aramco.
Perform risk assessment to identify business risks, threats, and vulnerabilities related to IR's information assets.
Coordinate with the information asset owners to identify and document adequate controls, using risk-based and business impact assessment to mitigate risks.
Ensure that appropriate awareness program techniques are selected, and perform regular awareness events during the operational year.
Communicate data protection policies and requirements to external (3rd) parties and vendors.
Participate in the performance of internal data protection reviews to assess the completeness and compliance of the critical functions and controls implemented as part of the Data Protection Program, such as information asset management, risk assessment and risk treatment.
Ensure regular compliance checks to verify the level of awareness, compliance, and effectiveness of the implemented data protection program.
Analyze violations of computer security procedures and provide recommendations to management to mitigate such violations.
Report, and encourage reporting of, Information Security Observations, system misuse, security breaches, or other irregularities.