Cybersecurity Specialist

Yanbu Aramco Sinopec Refining Company (YASREF) Ltd.


Date: 4 hours ago
City: Remote
Contract type: Full time
Job description:

JOB SCOPE

Define, communicate and control a strong and robust information security and cybersecurity governance program. Guide and implement cybersecurity practice and governance in the organization. Defend computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Establish and implement frameworks and related processes for continual adherence to YASREF's internal and external mandates. Responsible for implementing and auditing the controls needed to protect both the company's information and third-party information from data breaches and cyber-attacks.

COMMUNICATION

  • Internal: Report to and refer to the hierarchy on a regular basis. Implement pertinent policies, exchange information, discuss and know relevant KPIs/performance parameters. Provide service to other organizations.
  • External: NA

KEY DUTIES AND RESPONSIBILITIES

  • Develop and update guidelines & procedures for Information Security Division to meet the Standard guidelines and compliance requirements.
  • Ensure the Risk Assessment process is followed as per ISO 31000, in line with the company's Corporate Enterprise Risk Management methodology.
  • Conduct internal technical and process risk assessments as part of Self-Assessment activities at regular intervals.
  • Review and measure the performance and effectiveness of the implemented OT & IT controls, mitigating IT risks / gaps identified on an ongoing basis, and build the ability to prevent security incidents or respond quickly to any crisis situation and recover within the agreed timeframe.
  • Research and recommend appropriate technology controls to prevent, detect and respond to security compromise.
  • Review Information Security postures by scheduling internal security audits periodically. Perform random security audits at vendor facilities. Facilitate and maintain audit evidence and closure of audit findings for all Internal Audits, which include: Internal Controls Framework, Enterprise Risk Management (ERM), ISO 27001, ISA 99 / IEC 62443 and Corporate Governance Audits.
  • Adopt and align the existing IT and OT controls to meet the National Institute of Standards and Technology Cyber Security Framework (NIST–CSF), 800-82 and 800-53 requirements, to measure and enhance the i) Joint venture maturity assessment posture ii) Saudi Arabian Monetary Agency (SAMA) iii) National Cyber Security Authority – NCA iv) High Commission for Industrial Security (HCIS), and a few other industry-renowned best practices covered under ISO 27001 and SANS Top 20 Critical controls.
  • Develop and implement a data classification and privacy framework and assist the business departments with appropriate categorization of the data to ensure adequate technical controls are applied to prevent any potential leakage of confidential information.
  • Establish a single IT and OT governance body, along with an advisory board including staff from the IT and the OT domains, to provide overall oversight and to develop common IT guidelines and procedures for achieving integrated IT/OT security through IT/OT convergence.
  • Maintain and continually improve IT Governance functions.
  • Review and analyze the existing processes, including but not limited to: Organizational Information Security, Access Controls, Change Management, Human Resource Security, Incident Management, Asset Management, Operational and Communicational Security, System development and maintenance process, Physical Security, IT Continuity and Compliance controls.
  • Impart information security awareness training and phishing simulation exercises at regular intervals to measure the awareness levels of all YASREF users.
  • Design and develop appropriate training programs to enhance users' security awareness levels through all possible media/channels, including email campaigns, online training modules and cyber security strength assessment programs, classroom training programs, digital posters, screen savers, etc.
  • Study and document the resources required, including personnel, in a disaster scenario; identify the recovery priorities and categorize each process.
  • Validate and analyze risks of disruption to the organization, prioritize activities, evaluate disruption-related risks and mitigate the problem in line with business continuity objectives.
  • Prepare, validate and deliver an extensive OT and IT continuity requirement sheet with Key Risk Areas (KRA) and Key Performance Indicators (KPI), with the metrics for measurement and improvement.
  • Provide the required support for the Industrial Control Systems, Electrical Automation Systems, cyber security systems, networks, and their operation.
  • Participate in cybersecurity research and keep abreast of the latest security issues. Actively participate in the higher education cybersecurity community.
  • Perform other job-related duties as assigned by the direct Supervisor.

EDUCATION & CERTIFICATION REQUIREMENTS

  • Bachelor’s Degree in Computer Science, IT, Computer Engineering or equivalent.
  • Cybersecurity certification

YEARS OF RELEVANT WORK EXPERIENCE

15
