CYBER SECURITY GOVERNANCE MANAGER

    Emirates National Oil Company

    Brief Description


    Job Purpose

    Responsible for directing and coordinating the overall cyber security activities regarding governance of ENOC information and cyber security efforts towards protecting the organization's information assets and critical infrastructure. Maintain and enforce cyber security policies, and monitor compliance directly or in coordination with the cyber security assurance team. Participate in tracking risks and compliance items and assist with security planning requirements as directed by the management.
    Detailed Description


    Principal Accountabilities

    Activity: Cyber Security Risk Management and compliance
    • Manage risk assessment of cyber security risks in accordance with policies and procedures at defined intervals within ENOC.

    o Manage information asset and application risk assessments

    o Conduct risk assessments for new initiatives and projects

    o Conduct third-party risk assessments

    • Manage all the risk-related activities of cyber security, including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
    • Manage oversight and monitoring of risk mitigation and coordination of policy and controls with the Group Cyber Security Manager, to ensure that risk owners are taking effective remediation steps
    • Benchmark cyber security risk management practices of other organizations — particularly those in related industries or with similar business models
    • Work directly with business units and other internal departments and organizations to facilitate cybersecurity risk analysis and management processes, and identify acceptable levels of residual risk.
    • Coordinate cyber security and risk management projects with personnel from IT/OT departments, business units, and other internal departments.
    • Contribute and assist in the cyber security risk treatment plan.
    • Review external cyber security risk assessments, analyze the accuracy of the findings and report on them with actionable recommendations to Group Cyber Security Manager and other stakeholders.
    • Reports to ENOC’s management concerning risks, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
    • Tracks and reports cyber security risk management trends, opportunities and remediation
    • Acts as cyber security risk management liaison with IT/OT departments and other internal departments.

    Activity: Compliance Management

    • Track compliance with regulatory and other international information and cyber security standards.
    • Provide support and guidance for cyber security legal and regulatory compliance efforts, including audit support
    • Support the litigation group in cyber security related litigation
    • Manage outsourced vendors that provide cyber security functions and services for compliance and risk management
    • Develop and direct cyber security compliance control monitoring programs to ensure cyber compliance risks are managed to the appropriate level of acceptable residual risk
    • Coordinate the investigation of any potential unlawful or fraudulent action related to cyber security compliance, such as the intentional release of sensitive information or a related security breach
    • Manages relationship with the audit group. Receives audit findings, and manages the collection of responses and remediation plans with owners.

    Activity: Governance Management

    • Maintain an up-to-date understanding of industry best practices, and monitor the regulatory environment for developments that could require changes to ENOC established cyber security policies and practices
    • Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken
    • Work with procurement, vendor management and the legal department to ensure that third-party suppliers’ contracts and operating-level agreements meet cyber security requirements
    • Ensure that business processes and practices are not in conflict with cyber security requirements
    • Assist in the identification, implementation and assessment of process-based security controls
    • Participate in development, review and acceptance of security plans with the stakeholders
    • Develop and facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the cyber security program
    • Develop, maintain and publish up-to-date information security policies, standards and guidelines
    • Oversee the approval, training, and dissemination of security policies and practices
    • Oversee the enforcement and reviews of governing cyber security policies and procedures

    Requirements

    EXPERIENCE:
    • A minimum of seven years of IT experience, with five years in a cyber security role and at least two years in a supervisory capacity.
    • Prior experience with cyber security in oil and gas industry or other critical infrastructure industries is preferred
    GENERAL SKILLS AND KNOWLEDGE:
    • Knowledge of common risk management methodologies
    • Basic knowledge of a broad range of standards and frameworks, for example International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, ISA99, NIST, etc.
    • Familiarity with applicable legal and regulatory requirements, including, but not limited to, Federal Decree-Law No. 5 of 2012 on Combating Cybercrimes, Law No. 26 of 2015 Regulating Data Dissemination and Exchange in the Emirate of Dubai, Dubai Information Security Regulation and UAE Information Assurance Standard
    • Knowledge and experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
    • In-depth understanding of cyber security governance and risk management
    • Knowledge of common ICS cyber security risks and controls
    • Proven ability to communicate with people at all levels — from developers to the board of directors
    • The ability to interact with ENOC personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives
    • Excellent written and verbal communication skills, including the ability to effectively communicate cyber security and risk-related concepts to technical and nontechnical audiences

    TECHNICAL SKILLS:
    • Excellent IT skills including all Microsoft Office programmes.
    • Strong presentation skills using MS PowerPoint.
    • Working knowledge of cyber security technical security systems.

    EDUCATION:
    • A bachelor’s degree in computer science; an M.B.A. or M.S. in information security is preferred.
    • A professional certificate such as CISSP, CISM, C-CISO or GSEC is preferred

    To apply for this job please visit ebsdmz.enoc.com.