Yanbu Aramco Sinopec Refining Company (YASREF) Ltd.

Cybersecurity Specialist

Yanbu, Al Madinah Province, Saudi Arabia · Full Time

Experience: 15+ yrs
Salary:
Openings: 1
Posted: 4 days ago

Job description

Job Scope

The Cybersecurity Specialist will be responsible for establishing and maintaining a robust information security and cybersecurity governance program. This role involves guiding and implementing cybersecurity practices across the organization, focusing on defending systems, networks, and data from malicious attacks. Key duties include developing and implementing frameworks for adherence to mandates, and conducting audits to protect company and third-party information from breaches and cyber-attacks.

Communication

  • Internal: Regular reporting to hierarchy, policy implementation, information exchange, KPI discussions, and providing services to other departments.
  • External: Not applicable.

Key Duties and Responsibilities

  • Develop and update guidelines and procedures for the Information Security Division to meet standard guidelines and compliance requirements.
  • Ensure adherence to the Risk Assessment process as per ISO 31000 and the Corporate Enterprise Risk Management methodology.
  • Conduct internal technical and process risk assessments as part of regular self-assessment activities.
  • Review and measure the performance and effectiveness of implemented OT & IT controls, mitigating identified IT risks and gaps.
  • Research and recommend appropriate technology controls for preventing, detecting, and responding to security compromises.
  • Schedule and perform internal security audits periodically, including random audits at vendor facilities.
  • Facilitate and maintain audit evidence and closure of findings for Internal Controls Framework, Enterprise Risk Management (ERM), ISO 27001, ISA 99 / IEC 62443, and Corporate Governance Audits.
  • Align existing IT and OT controls with the NIST Cybersecurity Framework (NIST CSF), NIST SP 800-82 and SP 800-53 requirements, and other industry best practices such as ISO 27001 and the SANS Top 20 Critical Controls. This includes assessing joint venture maturity, Saudi Arabian Monetary Agency (SAMA), National Cyber Security Authority (NCA), and High Commission for Industrial Security (HCIS) requirements.
  • Develop and implement a data classification and privacy framework to assist business departments in categorizing data and applying adequate technical controls to prevent confidential information leakage.
  • Establish a unified IT and OT governance body and an advisory board with representatives from IT and OT domains to oversee the development of common IT guidelines and procedures for integrated IT/OT security through IT/OT Convergence.
  • Maintain and continuously improve IT Governance functions.
  • Review and analyze existing processes, including Organizational Information Security, Access Controls, Change Management, Human Resource Security, Incident Management, Asset Management, Operational and Communicational Security, System Development and Maintenance, Physical Security, IT Continuity, and Compliance controls.
  • Conduct regular information security awareness training and phishing simulation exercises to assess user awareness levels.
  • Design and develop training programs using various media channels (email campaigns, online modules, classroom training, posters, screen savers) to enhance security awareness.
  • Document required resources, including personnel, for disaster scenarios, and identify recovery priorities and process categorization.
  • Validate and analyze risks of organizational disruptions, prioritize activities, and evaluate mitigation strategies in line with business continuity objectives.
  • Prepare, validate, and deliver comprehensive OT and IT continuity requirement sheets with Key Risk Areas (KRAs) and Key Performance Indicators (KPIs) for measurement and improvement.
  • Provide necessary support for Industrial Control Systems, Electrical Automation Systems, cybersecurity systems, and network operations.
  • Participate in cybersecurity research and stay updated on the latest security issues, actively engaging with the higher education cybersecurity community.
  • Perform other job-related duties as assigned by the supervisor.

Education and Certification Requirements

  • Bachelor’s Degree in Computer Science, IT, Computer Engineering, or equivalent.
  • Relevant cybersecurity certification.
