Senior Security Analyst (GRC)

Overview

The Senior Security Analyst will support Aramco Asia cybersecurity Governance Risk and Compliance function, lead cybersecurity projects, and work with external partners such as Saudi Aramco to strengthen Aramco Asia's cybersecurity resilience, and protect its information assets by ensuring proper governance, risk and compliance to policies and regulations.

The candidate is expected to play critical role in enabling the cyber security risk functionality to identify, assess, and manage technology and cyber risks. His/her expertise should help to navigate the ever-evolving risk landscape, ensure compliance with regulatory requirements, and foster a culture of risk awareness and compliance across Aramco Asia.

Responsibilities

• Engage in evaluations, proof-of-concept activities, design, build and implementation of cybersecurity solutions, specializing in network security (such as Network Access Control, Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), IPS etc.), other perimeter protection tools with minimal supervision and guidance.
• Perform core operational cyber-security functions such as co-managing security controls ranging from endpoint security, email security, web security, data leakage prevention.
• Capable of handling other security technologies with minimal supervision and guidance.
• Respond to security incidents and manage incident response.
• Provide cloud security assessment and propose enhancements and solutions.
• Participate in or conduct cyber-security assessments, and evaluate proposed changes, and/or execute action plans to enhance cyber-security resilience and risk mitigation.
• Participate in incident response planning and remediation actions.
• Enhance cyber-security operations functions through process enhancements, automation and stakeholder engagement.
• Lead enhancement of cyber-security functions through vendor/supplier identification, scope of work development, justification, contract review, contract negotiation and procurement engagement.
• Execute and communicate enhancement strategy of cyber-security functions using measured goals, proper tracking and reporting.
• Establish, maintain and enforce procedures, guidelines and baselines related to security for the users and administration of IT systems.
• Collaborate with stakeholders from other IT functions for cyber gaps remediations efforts and provide security review consultations if required.
• Participate in raising cybersecurity maturity of the organization.
• Perform other miscellaneous security related duties as directed by IT Management.

Requirements

• Bachelor's or Master's degree in Information Technology, Computer Science, Risk Management, or a related field.
• Significant experience in technology risk management, information security, IT auditing, or related discipline, preferably within the financial services industry.
• Strong understanding of IT infrastructure, applications, cybersecurity principles, and technology-related regulations and standards.
• 9 years’ experience in IT with a minimum of 4 years in cybersecurity field.
• CISSP, CISM, CRISC or equivalent professional certification is preferred.
• Cloud security certification is recommended (CCSP, AZ 500, GCSA, CompTIA Cloud+ etc)
• Proficient in business style written and oral English.
• Understanding and familiarity with securing cloud infrastructure.
• Understanding of cybersecurity frameworks such as NIST CSF, ISO 27001, ISO 22301, CSA CCM etc.
• Well-versed with various IT & cyber security policies such as IT Security policy, Identify and Access Management policy, Change Management policy, Vulnerability Management policy, Remote Access policy, Risk Management policy, Business Continuity Plan & Disaster Recovery policy, Incident Response policy, Data Classification policy, Asset Management policy, Data Protection policy.
• Strong relationship building skills and stakeholder management to develop effective trustworthy relationships with multiple stakeholders.