Company: Saudi Aramco
Skills: Risk Management, Security
Experience: 10+ Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Dhahran, Eastern Province, Saudi Arabia
We are seeking an IT Security Risk Management Analyst to join the Risk Management Division of the Information Security Department.
The Risk Management Division is responsible for maintaining the information security risk registers, risk management strategy, and the risk management implementation of the global operations of the company.
You will join the Information Security Risk Management team in risk identification, risk governance and risk monitoring for the global operations of the Company. You are required to interact with various technical IT organizations, business analysts, and high-level management. You are also responsible for regular technical report writing, information security risk analyses, and conducting presentations, all of which are fundamental in this position.
As the successful candidate, you will hold a Bachelor's degree in computer science/engineering, management information systems (MIS), or a related bachelor's degree in information technology from a recognized and approved program. An advanced degree in cybersecurity is preferred.
You will have 10 years of experience in information security, including at least 5 years in conducting information security risk assessments or audits.
You must have good interpersonal skills and be fluent in written and oral English. Proficiency in the Arabic language is preferred but is not required.
You will have strong technical knowledge in IT networking, software development, databases, and in operating systems.
You will have the ability to write professional reports, develop and deliver professional presentations, work with individuals and groups at different organizational levels, and demonstrate constructive and assertive communication skills.
A background and knowledge in the oil and gas industry is preferred, and an in-depth understanding of information security governance, risk management, and compliance is required.
You have the following highly desired certifications:
Certified in Risk and Information Systems Control (CRISC)
Certified in Risk Management Assurance (CRMA)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
Certified Information Security Manager (CISM)
Duties and Responsibilities
You will be required to perform the following:
Conduct information security risk assessments at technical and business levels in coordination with various individuals and groups. Complete risk assessment reports and provide presentations about them.
Conduct and facilitate information security risk identification, risk analysis, risk prioritization, risk treatment plan, and risk monitoring.
Provide guidance to improve information security risk management practices and conduct evaluation of risk management performance.
Define and maintain information security risk management framework, processes, and procedures.
Define and maintain risk registers, risk profiles, and risk metrics.
Develop documentation, presentations, and reports.
Coordinate and work with other information security organizations within the Company.
Lead or participate in information security projects.