Risk and Information Protection Lead

Job Purpose:

As Lead of Governance and Information Protection, this role is responsible and accountable for these technical areas:

• Governance Risk and Compliance: Develop and implement a comprehensive cybersecurity governance framework aligned with industry best practices, regulations, and organization objectives.
• Information Protection: Develop and implement a comprehensive strategy for safeguarding sensitive information, data assets and access management.
• Security awareness and training: Develop and deliver training programs to raise users’ awareness about cybersecurity, policies, and threats to foster a positive cybersecurity culture throughout the organization.
• Cybersecurity program: Develop and execute strategic roadmap for the organization cybersecurity program for IT and OT in line with business requirements and objectives.

Qualifications and Experience:

• Graduate and/or Master’s Degree qualifications in either Computer Science, Information Technology, or a related discipline.
• 10+ years’ experience in a similar role, in large enterprise environments (>1000 users), with multiple geographic locations.
• Oil and Gas experience (or manufacturing industries) is preferred.
• Professional certifications in Information Security and/or Information technology – CISSP and/or CISM at minimum is required.
• Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
• Knowledge of and experience in managing, developing and documenting security programs and plans, including strategic, tactical, and operational plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Strong communication skills, including written, oral and presentation skills. Must be fluent in English.
• Knowledge and experience in Enterprise IT/OT security technologies, services, and processes
• Professional certification in Industrial Cybersecurity e.g., GICSP or similar) is desirable.
• Knowledge of Industrial Cybersecurity standards is desirable.
• Exposure to program and project management is desirable.
• Vendor management skills and ability to define and negotiate effective SLAs and service KPIs with vendors.
• Extensive technological domain knowledge to understand integration of digital products with IT systems & architecture.
• Good knowledge of the business to understand business requirements and implications on organization operations.