Analyze, implement and monitor risk and compliance management frameworks, policies, standards and best practices to meet security-related compliance obligations (e.g. PCI DSS and alignment with ISO 27001).
Evaluate the technical controls and changes to PCI environments to ensure continued compliance and appropriate security is maintained.
Maintain relationships with internal and external auditors and third-party consultants, acting as the primary point of contact and facilitating and supporting the execution of audits. Assist with subsequent remediation efforts to achieve compliance and address security gaps.
Monitor the health of key technology controls by undertaking periodic control assurance activities. Maintain our view of key controls and oversee the maintenance of the key risk and control register.
Support our Security Advisors/Architects in providing security guidance for new commercial/technology initiatives, assessing risk and meeting minimum security compliance obligations.
Raise awareness and educate staff regarding compliance programs and broader security compliance obligations. Encourage a risk-mindset across all teams.
Developing security strategies and roadmaps
Developing and reviewing solution / capability design artifacts
Undertaking security threat and risk assessments
Delivering security architecture advice
Assisting in the evaluation of emerging technologies, service providers, tools, platforms and applications that are best suited to the specific needs of a given organization
Requirements
Bachelor's degree
Understanding and proven experience with frameworks and standards such as COBIT, NIST 800 series, ISO 27001, etc.
More than 7-10 years of experience designing and implementing GRC controls and performing risk assessments for medium to large organizations.
Experience working as a consultant on several large-scope projects is preferred.
Extensive, demonstrated knowledge of cybersecurity concepts and the ability to understand risk management methods and approaches to measuring their effectiveness are required.
Strong experience performing gap analysis against compliance requirements
Excellent presentation skills and experience speaking about GRC and cybersecurity with top management executives.
Review, assess and develop information security policies and procedures based on benchmarks and standards
Performing security configuration assessments against international baselines
In addition, at least one certification in the field of information security (CISSP, CISA, CISM, CRISC, ISO 27001, ...) is required.
Good knowledge of PCI DSS, SAMA CSF, SA-NCA Standards
Ability to work in a fast-paced environment and manage multiple projects
Fluency in English and ability to write technical documents in English
Proficient in Microsoft Office
MNCJobsGulf.com will not be responsible for any payment made to a third party. All Terms of Use apply.