Job purpose

Provides end-to-end subject matter expertise and execution capabilities across the domains of technology risk management, disaster recovery, and regulatory compliance. The role supports the development and implementation of frameworks, policies, and practices that protect OQ’s digital infrastructure and ensure operational resilience.

The position will act in accordance with the OQ’s Mission, Vision, Values & Strategies, as well as, policies, guidelines, and standards, supported by an IT Technology platform, HSE standards, Omani’s government & other legal justifications, and best international practices in consonance with national objectives

.Main tasks and responsibilitie

s
Risk Manageme

• ntIdentify, assess, and monitor IDS-related risks including, operational, infrastructure, and compliance risk
• s.Conduct periodic risk assessments, internal audits, and gap analyse
• s.Collaborate with IT, Cybersecurity, and Enterprise Architecture teams to define and implement control frameworks aligned to ISO 27005, NIST RMF, and COBIT principle
• s.Maintain a centralized risk register and ensure timely mitigation, acceptance, transfer, or avoidance strategies for each identified ris
• k.Regularly review risk appetite, metrics, and thresholds in collaboration with Governance and Internal Audit function

s.Disaster Recovery (DR) Planni

• ngLead the design, implementation, testing, and continual improvement of IDS DR plans aligned with ISO 2230
• 1.Define business impact assessments (BIAs), RTOs (Recovery Time Objectives), and RPOs (Recovery Point Objectives) for critical systems and application
• s.Coordinate DR simulations, tabletop exercises, and live recovery tests across OQ’s digital environment
• s.Ensure DR strategies are aligned with on-premises, private cloud, and hybrid cloud environment
• s.Collaborate with business continuity leads across group entities to ensure interdependency planning and resilience readines

s.
Compliance Managem

• entMonitor and ensure compliance with internal policies, national regulations (e.g., Omani privacy laws), and global frameworks (e.g., GDPR, ISO 2700
• 1).Prepare for internal and external audits by maintaining a compliance evidence repository, ensuring traceability and accountabili
• ty.Contribute to the development and update of IDS policies, procedures, Process and SO
• Ps.Conduct third-party risk assessments and ensure vendor compliance through contract clauses, periodic reviews, and audi
• ts.Liaise with legal, risk, and regulatory teams for evolving requiremen

ts.
Incident Resp

• onseAct as a core member of the Incident Response Team for IDS-related incide
• nts.Help establish and maintain response playbooks for cyberattacks, data breaches, outages, and system compromi
• ses.Support forensic investigations and root cause analysis following incide
• nts.Lead post-incident reviews and implement lessons learned into the risk and DR framewo

rks.
Training and Awar

• enessDesign and deliver role-based training programs on risk management, DR awareness, and compliance best practices for IDS teams and business u
• sers.Drive a culture of risk ownership, security awareness, and policy compli
• ance.Build and maintain a knowledge hub for best practices and regulatory upd

ates.
Continuous Impro

• vementMonitor global trends in cyber resilience, regulatory technology (RegTech), and digital
• risk.Propose enhancements to current systems including automation, data analytics, and integrated dashboards for real-time visib
• ility.Lead process maturity assessments using CMMI or similar frameworks and develop improvement roa

dmaps.
Key inter

actionsInternal: OQSAOC Streams/AssetsExternal: Technology vendors, auditors, regulators, managed service pro

viders.Notable Working Conditions. Office-based role with occasional visits to operational and disaster recovery sites. May require availability outside regular hours during DR tests or inc

idents.Education requi

• rementsBachelor’s degree in computer science, Information Technology, Cybersecurity, or a related
• field.Master's degree or relevant certifications (e.g., CISSP, CISM, CBCP, ISO 27001 Lead Implementer/Auditor) pre

ferred.L

anguageExcellent knowledge of written, read, and spoken English (required) Arabic - Native (des

irable)
Background and ex

• perience6–8 years of experience in cybersecurity, risk management, com
• pliance.Strong understanding of data protection laws and DR fra
• meworks.Familiarity with industry standards (e.g., ISO 27001, NIST, CIS Co

ntrols).
Competencies a

nd skillsBeh

avioral: Strong analytical and communicatio

• n skills.Leadership mindset with stakeholder engagement capa
• bilities.Ethical, detail-oriented, and adaptable to regulatory
• changes.Ability to work across functional teams and influence without a
• uthority.High integrity, ethical conduct, and a sense of accoun
• tability.Problem-solving orientation with the ability to manage a
• mbiguity.Passion for continuous learning and adapting t

o change.
T

• echnical: Proficiency in risk and complia
• nce tools.Knowledge of IT infrastructure, cloud, and access control m
• echanisms.Exposure to legal, regulatory, and audit req
• uirements.Understanding of privacy-by-design and privacy-by-default p
• rinciples.Familiarity with ITSM processes, SIEM/SOC practices, vulnerability management, and asset class
• ification.Deep understanding of risk management, DR/BCM, compliance frameworks, and regulatory ob