Company Name : Yanbu Aramco Sinopec Refining Company (YASREF)

Cybersecurity Specialist I

bayt.com

Job Description

1. Develop and update guidelines and procedures for the Information Security Division that meet the applicable standards' requirements.

2. Ensure that the Risk Assessment process is followed as per ISO 31000, in line with the Corporate Enterprise Risk Management methodology.

3. Research and recommend appropriate technology controls to prevent, detect and respond to security compromises.

4. Review the Information Security posture by scheduling internal security audits periodically. Perform random security audits at vendor facilities. Facilitate and maintain audit evidence and closure of audit findings for all Internal Audits, including the Internal Controls Framework, Enterprise Risk Management (ERM), ISO 27001, ISA 99 / IEC 62443 and Corporate Governance audits.

5. Adopt and align the existing IT and OT controls to meet the National Institute of Standards and Technology Cyber Security Framework (NIST CSF), SP 800-82 and SP 800-53 requirements, in order to measure and enhance the posture against i) the Joint Venture maturity assessment, ii) the Saudi Arabian Monetary Agency (SAMA), iii) the National Cyber Security Authority (NCA), iv) the High Commission for Industrial Security (HCIS), and a few other industry-renowned best practices covered under ISO 27001 and the SANS Top 20 Critical Controls.

6. Develop and implement a data classification and privacy framework and assist the business departments with appropriate categorization of the data to ensure adequate technical controls are applied to prevent any potential leakage of confidential information.

7. Establish a single IT and OT governance body, along with an advisory board including staff from both the IT and OT domains, to provide overall oversight and develop common IT guidelines and procedures for achieving integrated IT/OT security through IT/OT convergence.

8. Review and measure the performance and effectiveness of the implemented OT and IT controls, mitigate IT risks and gaps identified on an ongoing basis, and build the ability to prevent security incidents or to respond quickly to any crisis situation and recover within the agreed time frame.

9. Conduct internal technical and process risk assessments as part of Self-Assessment activities at regular intervals.

10. Maintain and continually improve IT Governance functions.

11. Review and analyze the existing processes, including but not limited to: Organizational Information Security, Access Controls, Change Management, Human Resource Security, Incident Management, Asset Management, Operational and Communications Security, System Development and Maintenance, Physical Security, IT Continuity and Compliance controls.

12. Deliver information security awareness training and phishing simulation exercises at regular intervals to measure the awareness levels of all YASREF users.

13. Design and develop appropriate training programs to enhance users' security awareness levels through all available media and channels, including email campaigns, online training modules, cyber security strength assessment programs, classroom training programs, digital posters, screen savers, etc.

14. Study and document the resources, including personnel, required in a disaster scenario, and identify the recovery priorities and categorization for each process.

15. Validate and analyze the risks of disruption to the organization's prioritized activities, and evaluate the treatment of disruption-related risks in line with business continuity objectives.

16. Prepare, validate and deliver an extensive OT and IT continuity requirements sheet with Key Risk Areas (KRAs) and Key Performance Indicators (KPIs), including the metrics for measurement and improvement.

17. Perform other job-related duties as assigned by the direct Supervisor.