Location
Khobar Office – Saudi Arabia
Job Purpose / Objective
Lead the Cybersecurity Internal Audit department to provide an independent and objective assessment of the design and operating effectiveness of IT, OT/Industrial Control Systems (ICS), and Cybersecurity controls within the company by applying best practices to mitigate risks, provide reasonable assurance to stakeholders and enhance the internal control system. Direct, develop and manage staff-level personnel during the execution of Internal Audit engagements, and ensure that the planning, fieldwork, and reporting activities conform to the applicable standards and regulations.
Key Accountabilities 1
- Provide strategic leadership and advice in the development and execution of cyber security strategies and roadmaps designed to manage the organization’s exposure to cyber security risks.
- Manage the performance and development of a team of high-performing experienced cyber security professionals and provide GRC and technical coaching.
- Preparation of periodic risk, control assessments, and annual audit plans.
- Collaboration and leading of audits in the IT & security areas.
- Collaboration and coverage of information security relevant areas in business audits.
- Perform periodic infrastructure inspections to confirm all computers, generators, and servers are running properly.
- Participate in annual audits by providing requested information, and scrutinize and rectify any non-conformances.
- Prepare Backup & Disaster Recovery plans
- Responsible for the risk assessment & mitigation process
- Responsible for the cyber security troubleshooting & investigations activity
- Become the risk champion for the cyber security department
- Report and document all findings from the auditing practice
- Prepare customized cybersecurity awareness sessions based on audit findings to promote best practices in the workplace.
- Consult with employees who are found violating cybersecurity policies.
- Prepare risk-oriented audit programs based on ISO/COBIT/industry-recognized frameworks or standards, review the audited areas with autonomy, document the fieldwork performed and the related conclusions, and prepare audit reports in accordance with CAPT methodology and processes.
- Professional presentation of recommendations to the auditee as well as developing a risk mitigation proposal together with the auditee.
- Perform Data Analytics and support business audits using data analytics when required.
- Collaboration in national and international IT audit community projects/initiatives.
- Build and maintain effective relationships with stakeholders from management and their staff.
- Assist CISO/CSM as and when required.
Relevant Experience
- A minimum of 8 years of experience in the information security domain within an enterprise-level organization.
- At least 2 years of experience in the information security auditing domain and 2 years of experience in disaster recovery planning & testing.
- Experience in international standards and local regulatory requirements related to cybersecurity, telecommunications, data protection, and data localization.
- Functional Skills/Physical Competencies: e.g. Industry Knowledge, Stress Management, Time Management, Relationship Management.
- Organizational Awareness and Business knowledge - Uses knowledge of systems, situations, pressures, and culture inside the organization to identify potential organizational problems and opportunities; perceives the impact and implications of decisions on other parts of the organization.
- IT Knowledge - Uses knowledge and understanding of Information technology, the role it plays in an organization and the risks it creates in order to assess the efficiency, security, and continuity of IT.
- Fluent in English and Arabic with excellent writing/editing and verbal communication skills.
Job Segment: Audit, Telecom, Telecommunications, Information Security, Risk Management, Technology, Finance