GRC Specialist Professional
- Implement the Security Risk Assessment methodology, policy, and process.
- Perform hands-on gap or risk assessments to identify significant information security risks (including applications, systems, data centers, and infrastructure and vendor security risk assessments) to determine the organizational risk posture.
- Analyze vulnerability/threat pairs across Mobily platforms, determine the level of risk they represent, document the findings, and recommend effective controls.
- Update the risk register, notify appropriate stakeholders, meet with business leaders where necessary, and help to drive risk to an acceptable level throughout Mobily
- Monitor the company’s information security risk profile and risk appetite to achieve optimal balance between business risk and opportunities.
- Ensure proper treatment of reported information security risks by reviewing risk mitigation plans, following up on risk mitigation activities, and escalating non-mitigated risks.
- Verify that planned risk response measures are implemented and that information security requirements derived from (and traceable to) organizational missions and business functions, government legislation, directives, regulations, policies, standards, and guidelines are satisfied.
- Coordinate, monitor, and report the progress of IS risk remediation activities, resulting from oversight and monitoring processes.
- Develop and maintain current and complete IS risk profiles for all information systems, including software, devices, and infrastructure.
- Monitor compliance with Mobily’s policies, standards, guidelines and procedures
- Proactively manage the firm’s ISO 27001:2013 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification
- Recommend changes/enhancements to Mobily policy based upon the evolving threat landscape
- Build and maintain a knowledge repository to facilitate audits, knowledge transfer and sharing.
- Coordinate third-party technical risk assessments and related audit activity.
- Manage the expectations and requests of internal and external auditors, including the establishment of a programme of audit and verification of compliance with both industry standards and the assurance framework, in cooperation with the internal audit team.
- Promote and maintain security standards, policies and procedures, including by conducting security training and distributing security governance documents (covering end-to-end security) on a regular basis, so that employees are aware of and prepared for security-related issues.
- Conduct periodic compliance reviews against regulatory information security requirements and internal policies, procedures and standards.
- Perform other duties as required by higher levels of supervision.
- Bachelor's degree in computer science/engineering, management information systems (MIS), or a related technical degree
- Job Location: Riyadh, Saudi Arabia
- Job Role: Information Technology
- Employment Type: Employee
- Number of Vacancies: 1
- Career Level: Mid Career
- Years of Experience : Min: 5
- Related Experience:
  - IT, security, business process and GRC experience (preferably related to information security and information technologies).
  - Minimum of 5 years of experience in conducting information security risk assessments.
  - Extensive knowledge of risk management concepts.
  - Deep technical understanding of security threats, vulnerabilities and controls.
  - Experience in conducting risk-based information security audits.
  - In-depth knowledge of information security management practice, and an understanding of privacy and security regulations and standards, e.g., COBIT, NIST, NERC, ISA 99, IEC 61850, and ISO.
  - In-depth knowledge of information security GRC (governance, risk, compliance) methodologies, tools, and enablers.
  - Advanced experience with Governance, Risk and Compliance platforms (RSA Archer preferred).
  - Knowledge of ISO 27001:2013.
  - Knowledge of risk management frameworks, including ISO 27005, OCTAVE, NIST and COBIT 5.
- Security certifications: CISSP, CISA, CISM, CRISC, ITIL, NIST, ISO 27001/27002 or related standards preferred.
- Nationality: Saudi Arabia
- Degree: Bachelor's degree