Emirates National Oil Company
- Manage risk assessment of cyber security risks in accordance with policies and procedures at defined intervals within ENOC.
  - Manage information asset and application risk assessments
  - Conduct risk assessments for new initiatives and projects
  - Conduct third-party risk assessments
- Manage all the risk-related activities of cyber security, including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
- Manage oversight and monitoring of risk mitigation and coordination of policy and controls with the Group Cyber Security Manager, to ensure that risk owners are taking effective remediation steps
- Benchmark cyber security risk management practices of other organizations — particularly those in related industries or with similar business models
- Work directly with business units and other internal departments and organizations to facilitate cyber security risk analysis and management processes, and identify acceptable levels of residual risk.
- Coordinate cyber security and risk management projects with personnel from IT/OT departments, business units, and other internal departments.
- Contribute and assist in the cyber security risk treatment plan.
- Review external cyber security risk assessments, analyze the accuracy of the findings and report on them with actionable recommendations to the Group Cyber Security Manager and other stakeholders.
- Report to ENOC’s management concerning risks, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Track and report cyber security risk management trends, opportunities and remediation
- Act as cyber security risk management liaison with IT/OT departments and other internal departments.
Activity: Compliance Management
- Track compliance with regulatory and other international information and cyber security standards.
- Provide support and guidance for cyber security legal and regulatory compliance efforts, including audit support
- Support the litigation group in cyber security related litigation
- Manage outsourced vendors that provide cyber security functions and services for compliance and risk management
- Develop and direct cyber security compliance control monitoring programs to ensure cyber compliance risks are managed to the appropriate level of acceptable residual risk
- Coordinate the investigation of any potential unlawful or fraudulent action related to cyber security compliance, such as the intentional release of sensitive information or a related security breach
- Manage the relationship with the audit group: receive audit findings and manage the collection of responses and remediation plans with owners.
Activity: Governance Management
- Maintain an up-to-date understanding of industry best practices, and monitor the regulatory environment for developments that could require changes to ENOC established cyber security policies and practices
- Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken
- Work with procurement, vendor management and the legal department to ensure that third-party suppliers’ contracts and operating-level agreements meet cyber security requirements
- Ensure that business processes and practices are not in conflict with cyber security requirements
- Assist in the identification, implementation and assessment of process-based security controls
- Participate in development, review and acceptance of security plans with the stakeholders
- Develop and facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the cyber security program
- Develop, maintain and publish up-to-date information security policies, standards and guidelines
- Oversee the approval, training, and dissemination of security policies and practices
- Oversee the enforcement and reviews of governing cyber security policies and procedures
A professional certificate such as CISSP, CISM, C-CISO or GSEC is preferred.
To apply for this job please visit ebsdmz.enoc.com.