Senior Information Security Specialist

Updated: about 2 hours ago
Saudi Arabia
Senior Information Security Specialist
Non-Academic
Responsible for information security activities including implementing policies, standards and procedures relating to data, system, and application security, incident management, awareness, operations and maintenance, governance, risk, compliance, and procurement, which protect the confidentiality, integrity, and availability of KAUST’s IT infrastructure, components and information assets
  • Specifies data and information classification, sensitivity, and need-to-know requirements by information type
  • Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems.
  • Validates that engineered information security and application security controls meet requirements
  • Collaborates with IT P&T function to integrate security functions into the project management process
  • Develops the information security awareness and training program policy and evaluates the program’s compliance with PSPs.
  • Plans and schedules the delivery of learning activities, based on learning objectives.
  • Manages the delivery of programs of learning.
  • Customizes formal and informal learning activities, incorporating relevant business scenarios and case studies.
  • Designs appropriate environments, and delivers learning activities to specialist audiences.
  • Advises/coaches others in learning delivery techniques and options.
  • Develops a workforce development, training, and awareness program plan.
  • Represents Information Security on the IT Change Advisory Board (CAB) to ensure that security policies and controls remain effective following a change.
  • Ensures that information systems are assessed regularly for vulnerabilities, and that appropriate solutions to eliminate or otherwise mitigate identified vulnerabilities are implemented
  • Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security.
  • Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.
  • Ensures that security records are accurate and complete and that request for support are dealt with according to set standards and procedures.
  • Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Information Technology
Information Technology

  • Three or more of the following certifications are needed:

  • Security+;
  • Security Essentials;
  • Certified Ethical Hacker (CEH);
  • Performs compliance reviews of delivered products and services to assess the delivery of information security requirements against stated contract requirements and measures
  • Monitors vendor agreements and Service Level Agreements (SLAs) to ensure that contract and performance measures are achieved
  • Develops a plan of action and associated mitigation strategies to address program deficiencies
  • Coordinates with internal and external audit teams to determine if information security control objectives, controls, processes, and procedures are effectively applied and maintained, and perform as expected
  • Documents information security audit results and recommends remedial action PSPs.
  • Plans formal reviews of activities, processes, products or services.
  • Evaluates and independently appraises the internal control of automated business processes, based on investigative evidence and assessments undertaken by self or team.
  • Ensures that independent appraisals follow agreed procedure and advises others on the review process.
  • Provides advice to management on ways of improving the effectiveness and efficiency of their control mechanisms.
  • Identifies and evaluates associated risks and how they can be reduced.
  • Reviews the performance of, and provides recommendations for, risk management (e.g., security controls, policies/procedures that make up risk management program) tools and techniques
  • Assesses residual risk in the IT infrastructure used by the organization
  • Assesses the results of threat and vulnerability assessments to identify security risks, and regularly updates applicable security controls
Reporting:
  • Assists the Information Security Manager in developing security reports, highlighting findings and recommendations
  • Minimum of Bachelors’ Degree in Computer, Network or Information Security-related fields
  • Three or more of the following certifications :
  • Security+;
  • Security Essentials;
  • Certified Ethical Hacker (CEH);
  • A minimum of 15 years of experience in IT or similar domains with a minimum of 4-6 years in-depth experience in IT Security systems and network security domain, and server/network management systems. Management experience is a plus.
  • Knowledge of security standards (ISO 27000 series, NIST, COBiT)

View or Apply

Similar Positions