ROLE PURPOSE:
Assist in the maintenance and implementation of the Information Security Management System and IT Risk management across the IT infrastructure and in monitoring corporate-wide compliance with IT security policies, procedures and guidelines to ensure the effectiveness of the company's Information Security and Risk Management Programs.
KEY ACCOUNTABILITIES:
Risk and Compliance Management
Identify any potential areas of compliance vulnerability and risk in order to implement corrective action plans for resolution of problematic issues.
Assist in the conduct of risk assessments on the risks that could seriously impact IT services across the enterprise IT infrastructure against the ISO 27001 standards and recommend the appropriate controls and risk plans and programs to mitigate the risk.
Monitor and identify any new technology risks and threats and take pro-active measures to protect the company's computing and networking environments.
Participate in the conduct of penetration testing to assess the vulnerabilities and weaknesses in the systems.
Participate in the planning for the restoration of IT services to provide adequate back-up and recovery mechanisms for unexpected contingencies.
Coordinate the internal and external audits and follow up the implementation of Audit recommendations with various IT sections.
Monitor the performance of the Risk and Compliance Program and related activities on a continuing basis in order to take appropriate steps to improve its effectiveness.
Track and analyze performance and security risk measures; Study and evaluate frequently reported problems to pro-actively take necessary actions to prevent them in the future.
Observe and participate in the evaluation of new technology to keep improving the company’s IT Security infrastructure framework and pro-actively protect the company against new threats and risks.
IT Security Operations and Administration
Provide input to the development of enterprise IT Security policies, standards, best practices; monitor security profiles and report any violations.
Develop information security framework based on the ISO 27001 standard that defines how people, technology, and process should be assembled to secure the environment and remain consistent with business objectives.
Assist in the investigation of possible security exceptions to ensure information systems security is applied across the enterprise.
Implement process and methods for the purpose of auditing and addressing non-compliance issues to information security standards.
Provide input in the review of new information systems designs and major system modifications for compliance with information security policies and standards.
Provide input in planning of security administration for smooth implementation of all IT Projects
Provide input in the planning and testing of the Contingency and Disaster Recovery activities to maintain service levels and ensure the continuous operation of the information services.
IT AUDIT
Engage with external and internal auditors for compliance and audit programs.
GENERIC Accountabilities
Supervision
Plan, supervise and coordinate all activities in the assigned area to meet functional objectives.
Train and develop the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives.
Budgets
Provide input for preparation of the Department/ Section budgets and assist in the implementation of the approved Budget and work plans to deliver Section objectives.
Investigate and highlight any significant variances to support effective performance and cost control.
Policies, Systems, Processes & Procedures
Implement approved Department/ Section policies, processes, systems, standards and procedures in order to support execution of the Department / Section’s work programs in line with Company and International standards.
Comply with all applicable legislation and legal regulations.
Performance Management
Contribute to the achievement of the approved Performance Objectives for the Department / Section in line with the Company Performance framework.
Innovation and Continuous Improvement
Design and implement new tools and techniques to improve the quality and efficiency of operational processes.
Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with ISO standards in order to define intelligent solutions for issues confronting the function.
Health, Safety, Environment (HSE) and Sustainability
Comply with relevant HSE policies, procedures & controls and applicable legislation and sustainability guidelines in line with international standards, best practices and ADNOC Code of Practices
Reports
Provide inputs to prepare Section MIS and progress reports for Company Management
Planning
Plan/Schedule implementation of routine system maintenance plan and system platform upgrades
Business Continuity Planning
Relationship Management
Develop and maintain effective business relationships with all relevant internal departments & external entities (such as government authorities, service providers etc.) with highest standards of business ethics, whilst promptly attending to all critical issues in order to ensure the services required by the organization are delivered in the most effective manner.
Create effective communication channels across ESNAAD, advise and guide managers and employees at all levels both proactively and in response to requests to resolve problems and establish clarity of Talent Management policies and procedures.
Continuous Improvement
Promotes innovation, departmental improvement and team working for continuous improvement of knowledge base, cost-consciousness, and Quality and Safety Procedures taking into account ‘international best practice’, improvement of business processes, cost reduction and productivity improvement.
MIS and report
Supervise the preparation of timely and accurate departmental MIS statements and reports of the Talent Management operations to meet ESNAAD and HR & Administration Division requirements, policies and standards.
Safety, Quality & Environment
Ensure compliance with all relevant safety, quality and environmental management procedures and controls across the department to guarantee employee safety, legislative compliance, delivery of high quality products/service and a responsible environmental attitude.
Conduct all business activities in accordance with ESNAAD HSE policies, Legal Compliance requirements and ESNAAD Core Values.
FRAMEWORKS, BOUNDARIES, & DECISION MAKING AUTHORITY:
IT Security Engineer reports to IT Security Department Manager, and confers with the latter on critical and strategic issues.
Key decisions having significant impact on the Information Security are referred to the Manager, IT Division for approval before implementation.
The jobholder exercises financial authority as per the level established by ESNAAD’s management.
COMMUNICATIONS & WORKING RELATIONSHIPS
Internal:
Daily contact with IT Division colleagues, users, professionals and management to discuss requirements and problems to determine optimum technical solutions in line with ESNAAD Business Goals.
External:
Contact with vendors and ADNOC Group Companies to acquire information for satisfying the user’s needs.
KNOWLEDGE, SKILLS & EXPERIENCE:
Knowledge:
B.Sc. in Information Systems, Computer Science or equivalent business studies with background in the functional area.
6 years of experience in Information Technology, including 3 years in the administration and experience with security monitoring tools and firewall/gateway configuration and management.
Professional certification in CISA, CISM, CISSP, CCNA would be a plus.
Skills:
IT Security Planning and Administration
IT Security System Design, installation, integration and testing
IT Project Management
Excellent oral and written communication skills in English and the ability to collaborate in a multicultural, multinational team environment.
Ability to work to a very high level of detail and accuracy.
Must have strong organizational, communication and interpersonal skills
Ability to drive organizational climate/culture.
Strong written, presentation and report management ability.
Demonstrated ability to work in a proactively diverse and inclusive organization.
Demonstrated ability to multi-task and work in a fast-paced office setting.
Ability to work under pressure and adjust quickly to changing priorities
Able to understand, speak, read and write English & Arabic fluently.
COMPETENCIES:
Achievement Orientation, innovative thinking, proactive, highly adaptable to change. Problem Solving, Customer Focus, Relationship Building