Closed or Expired Job Posting This job posting is closed or has expired and is no longer open for applications.
- Implement the Security Risk Assessment methodology, policy, and process.
- Perform hands-on gap or risk assessments to identify significant information security risks (including applications, systems, data centers, and infrastructure and vendor security risk assessments) to determine the organizational risk posture.
- Analyze vulnerability/threat pairs across Mobily platforms, determine the level of risk they represent, documenting the discoveries, and recommendation of effective controls
- Update the risk register, notify appropriate stakeholders, meet with business leaders where necessary, and help to drive risk to an acceptable level throughout Mobily
- Monitor the company’s information security risk profile and risk appetite to achieve optimal balance between business risk and opportunities.
- Ensure proper treatment of reported information security risks by reviewing risk mitigation plans, following up on risk mitigation activities, and escalating non-mitigated risks.
- Verify that planned risk response measures are implemented and information security requirements derived from/traceable to organizational missions/business functions, government legislation, directives, regulations, policies, and standards, and guidelines, are satisfied.
- Coordinate, monitor, and report the progress of IS risk remediation activities, resulting from oversight and monitoring processes.
- Develop and maintain current and complete IS risk profiles for all information systems, including software, devices, and infrastructure.
- Monitor compliance with Mobily’s policies, standards, guidelines and procedures
- Proactively manage the firm’s ISO 27001:2013 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification
- Recommend changes/enhancements to Mobily policy based upon the evolving threat landscape
- Build and maintain knowledge repository to facilitate audits, knowledge transfer and sharing. , Coordinate third party technical risk assessments and related audit activity
- Manage expectations and requests of internal and external auditors, incl. the establishment of a programme of audit and verification of compliance with both industry standards and the assurance framework in cooperation with the internal audit team. Promote and maintain security standards, policies and procedures, also by conducting security training and distributing security governance documents (covering end-to-end security) on a regular basis in order to ensure that employees have high awareness of and are prepared for security-related issues.
- Conduct Periodic compliance reviews against regulatory Information Security requirements and internal Policies, procedures and standards.
- Perform other duties as required bu higher levels of supervision.
in computer science/engineering, management information systems (MIS), or a related technical degree