1. Information Security Specialist
a) Supervises and directs the activity of assigned personnel.
b) Supports the employee development initiatives regarding information security through hosting training events and educational programs; manages, designs, develops, coordinates and delivers information security training programs.
c) Designs and implements various technical and non-technical controls to ensure KOC's information systems are adequately protected from various internal and external threats.
d) Establishes and documents strategy, framework, policies and procedures in security domain of specialty (Cyber Threat, Governance, Risk and Compliance).
e) Ensure that the enterprise security architecture is clearly defined and aligned to KOC's enterprise IT architecture.
f) Facilitate, coordinate and conduct various audits and assessment activities across KOC.
g) Develop incident response and handling capabilities across relevant scope of services.
h) Derives the vulnerability management program and takes measurements to confirm the effectiveness of the technical controls.
i) Supports and guides efforts in performing analysis to identify and respond to security incidents.
j) Plan, develop, implement and manage information security systems and procedures across KOC in one or more of the following areas (Governance, Risk, Compliance, IT/ OT Security Operations and Vulnerability Management).
k) Directs and administers information security performance review and corresponding corrective actions. This includes implementing leading international standards related to information security within the company.
l) Leads the coordination with Concerned IT Teams and Crisis Management Teams to ensure timely incident response. This includes conducting root-cause analysis, providing mitigation plans and participating in developing IT response plans.
m) Prepares and administers contracts of information security projects. This includes preparation of technical specifications, tender documents and bids evaluation.
n) Leads and supervises all internal IT audit activities. Provides regular review of various IT security related issues to senior management and timely updates on IT projects.
o) Leads and manages the development of Information Security Governance program by adopting best practices methodologies, tools and reporting risk mitigation efforts to Information Security Management on a periodic basis.
p) Conducts regular assessments and reviews to report risk exposures along with remediation plans at enterprise level.
q) Coordinates with application and technology architects along with the project teams to assess the impact of business-driven initiatives on the existing security architecture.
Qualification
University Degree in Computer Science/ Computer Engineering/ relevant Information Technology/ Bachelor degree with relevant experience.
Certified in at least one of the following Professional Certifications:
CISM, CISSP, OSCP, CCIE Security, ISO 27001/ ISO 22301 Lead Auditor/ Lead Implementer, ISA 62443 Specialist, or any other relevant professional certifications from a recognized professional security certification provider including SANS, GIAC, (ISC)2, Offensive Security, EC-Council, IRCA and ISACA.
Minimum Experience Requirement in Years
10+ years of overall Information Technology experience with 6+ years in Information Security.
Other Special Requirements: Prior experience with large enterprise is a plus.
2. Information Security Officer
Discipline/ Job Description
a) Perform as an effective team player; facilitate knowledge sharing activities and initiatives.
b) Implement and operate various technical controls to ensure KOC's information systems are adequately protected from various internal and external threats.
c) Documents and maintains policies, procedures and technical standards.
d) Assists in ensuring enterprise security architecture is clearly defined and aligned to KOC's enterprise IT architecture via various assessments and by actively applying the risk management framework.
e) Maintains the integrity of information and information systems by recommending appropriate information security controls to the information system owners and facilitating their implementation.
f) Performs various audits and assessments across KOC to evaluate various solutions from a security and compliance perspective, ensuring required controls are applied for new and existing IT/ OT solutions connected to the KOC environment in compliance with KOC security architecture.
g) Conducts vulnerability assessments and takes measurements to confirm the effectiveness of the technical controls.
h) Develops and implements information security systems and procedures across KOC in one or more of the following areas (Governance, Risk, Compliance, IT/ OT Security Operations and Vulnerability Management).
i) Facilitate resolution of assigned incidents in response to Security Monitoring, Incident Response and Vulnerability Management.
j) Develops and implements processes and procedures to ensure the protection of information systems from unauthorized access, use and disclosure in accordance with IS team plans.
k) Reviews compliance with information security policies and procedures. This includes maintaining security-related documents and technical requirements.
l) Develops and maintains information security technical reports, dashboards and IS performance metrics to measure the IS objectives, reports gaps to the designated senior official, and aligns the IS objectives with the business objectives of the organization to monitor the performance of information security controls.
m) Conducts appropriate training and regular updates on organizational policies and procedures for all employees at KOC and, where relevant, contractors and third-party users to ensure the appropriate behavior required to protect KOC information.
n) Reviews and analyzes the security controls' performance against targets on a periodic basis.
Qualification
University Degree in Computer Science/ Computer Engineering/ relevant Information Technology/ Bachelor degree with relevant experience.
Certified in at least one of the following Professional Certifications:
CISM, CISSP, OSCP, CCIE, CISA, CEH, MCSE, ISO 27001 Auditor/ Implementer, ISO 22301 Auditor/ Implementer, ISA 62443 Specialist, or any other relevant professional certifications from a recognized professional security certification provider including SANS, GIAC, (ISC)2, Offensive Security, EC-Council, IRCA and ISACA.
Minimum Experience Requirement in Years
10+ years of overall Information Technology experience with 4+ years in Information Security.
Other Special Requirements:
Prior experience with large enterprise is a plus.
3. Business System Analyst (Specialist)
• Identify and analyze IT project needs, determine hardware resources needed to meet objectives.
• Analyze the current technology environment to detect critical deficiencies and recommend solutions for improvement.
• Analyze technology industry and market trends, and determine their potential impact on the enterprise; evaluate fair market pricing of the existing infrastructure components.
• Design and prepare RFPs for hardware infrastructure solutions, considering optimal performance and cost-effective solutions for the Company.
• Consult on application or infrastructure development projects to fit systems or infrastructure to the technical architecture and identify when it is necessary to modify the technical architecture to accommodate project needs.
• Evaluate multi-vendor technologies: enterprise-level hardware (servers, storage), IT operations management software solutions and different IT technologies.
Qualification: University Degree in Computer Science/ Information Technology/ any Engineering discipline.
Minimum Experience Requirement in Years:
15+ years of overall IT experience.
Interested candidates, please read all the job descriptions of the position and send your CVs to recruitment@brightgulfkw.com, mentioning the position you are applying for.