Airswift

Senior Specialist - IDS Risk, DR & Compliance

Oman · Full-time · Mid-Senior

Provides end-to-end subject matter expertise and execution capabilities across the domains of technology risk management, disaster recovery, and regulatory compliance. The role supports developing and implementing frameworks, policies, and practices that protect our client’s digital infrastructure and ensure operational resilience.


The position will act in accordance with our client's Mission, Vision, Values, and strategies, as well as policies, guidelines, and standards, supported by an IT Technology platform, HSE standards, Omani government and other legal justifications, and best international practices in consonance with national objectives.


DUTIES & RESPONSIBILITIES:


Risk Management:

  • Identify, assess, and monitor IDS-related risks including operational, infrastructure, and compliance risks.
  • Conduct periodic risk assessments, internal audits, and gap analyses.
  • Collaborate with IT, Cybersecurity, and Enterprise Architecture teams to define and implement control frameworks aligned to ISO 27005, NIST RMF, and COBIT principles.
  • Maintain a centralized risk register and ensure timely mitigation, acceptance, transfer, or avoidance strategies for each identified risk.
  • Regularly review risk appetite, metrics, and thresholds in collaboration with Governance and Internal Audit functions.


Disaster Recovery (DR Planning):

  • Lead the design, implementation, testing, and continual improvement of IDS DR plans aligned with ISO 22301.
  • Define business impact assessments (BIAs), RTOs (Recovery Time Objectives), and RPOs (Recovery Point Objectives) for critical systems and applications.
  • Coordinate DR simulations, tabletop exercises, and live recovery tests across OQ’s digital environments.
  • Ensure DR strategies are aligned with on-premises, private cloud, and hybrid cloud environments.
  • Collaborate with business continuity leads across group entities to ensure interdependency planning and resilience readiness.


Compliance Management:

  • Monitor and ensure compliance with internal policies, national regulations (e.g., Omani privacy laws), and global frameworks (e.g., GDPR, ISO 27001).
  • Prepare for internal and external audits by maintaining a compliance evidence repository, ensuring traceability and accountability.
  • Contribute to the development and update of IDS policies, procedures, processes, and SOPs.
  • Conduct third-party risk assessments and ensure vendor compliance through contract clauses, periodic reviews, and audits.
  • Liaise with legal, risk, and regulatory teams for evolving requirements.


Incident Response:

  • Act as a core member of the Incident Response Team for IDS-related incidents.
  • Help establish and maintain response playbooks for cyberattacks, data breaches, outages, and system compromises.
  • Support forensic investigations and root cause analysis following incidents.
  • Lead post-incident reviews and implement lessons learned into the risk and DR frameworks.


Training and Awareness:

  • Design and deliver role-based training programs on risk management, DR awareness, and compliance best practices for IDS teams and business users.
  • Drive a culture of risk ownership, security awareness, and policy compliance.
  • Build and maintain a knowledge hub for best practices and regulatory updates.


Continuous Improvement:

  • Monitor global trends in cyber resilience, regulatory technology (RegTech), and digital risk.
  • Propose enhancements to current systems including automation, data analytics, and integrated dashboards for real-time visibility.
  • Lead process maturity assessments using CMMI or similar frameworks and develop improvement roadmaps.


QUALIFICATION & EXPERIENCE


Experience Requirement:

  • 6–8 years of experience in cybersecurity, risk management, compliance.
  • Strong understanding of data protection laws and DR frameworks.
  • Familiarity with industry standards (e.g., ISO 27001, NIST, CIS Controls).


Technical Expertise:

  • Proficiency in risk and compliance tools.
  • Knowledge of IT infrastructure, cloud, and access control mechanisms.
  • Exposure to legal, regulatory, and audit requirements.
  • Understanding of privacy-by-design and privacy-by-default principles.
  • Familiarity with ITSM processes, SIEM/SOC practices, vulnerability management, and asset classification.
  • Deep understanding of risk management, DR/BCM, compliance frameworks, and regulatory obligations.

Key Skills

Ranked by relevance

IDS, cloud, cybersecurity, NIST, incident response, RTOs, GDPR, CIS
Posted: May 22, 2025
Type: Full-time
Level: Mid-Senior
Location: Masqaţ
Company: Airswift

Industries

Information Services, IT Services, IT Consulting, Computer Network Security

Categories

Information Technology
