Information Security Head

Job description / Role

Duties and Responsibilities:
• Carries out the day to day security related tasks as instructed by the ICT Manager.
• Work closely with the ICT Department and other stakeholders to:
• Performs the prime role of ISMS Manager for Information security management program
• Ensure that the information security environment operates as specified in the ISMS, and as required by ICT security policies
• Account for the performance of the information security protective monitoring services as listed in the service catalogue, and as resourced by SATORP
• Establish and maintain a system that fosters the routine use of risk assessments and risk treatments related to the information security features of systems and networks, and related administrative activities (non-physical assets)
• As required carry out the following:
- Record keeping as specified in Security policies
- Reducing non-conformances, where resources allow
- Implementing risk treatments
• Create and operate SATORP’s information security training and awareness program
• Establish and maintain a system of performance management (PIs) that fosters review and monitoring of assessments, plans, implementations, operations, and usage related to information security throughout SATORP
• Establish and maintain a system that fosters appropriate and effective disaster recovery and contingency plans for information systems in SATORP
• Report periodically to the IT Steering Committee with regard to information security
• Support periodic reports for the Internal Audit team
• Champions various Security Initiatives at SATORP.
• Acts as Change Manager for ICT, schedule and head change advisory board meetings.
• Acts as ISMS Manager for ISO 27001 Security management system.
• Develop a Security Awareness Plan and implement as follows:
- Identified key messages for key SATORP audiences (e.g. departments)
- Identify how to communicate with these audiences (workshops, booklet, presentations, e-mailshots, video on website etc.)
- Nominate Information Security Unit personnel to deliver the training appropriate to the audiences

Requirements

Main Competencies and Qualities (Coding details are given in Section 1 above):
• Strong functional and technical knowledge of IT Security (F).
• Good knowledge of the overall ICT infrastructure including applications software and systems and IT Services (E).
• Good knowledge of IT Governance standards (E).
• Good knowledge of Business Continuity management (E).
• Strong analytical ability (E).
• Capable of giving strong attention to details (E).
• Strong problem solving skills (D).
• Strong leadership skills (E).
• Ability to deliver effective presentations to all levels of Management (E).
• Strong interpersonal communication skills (E).
• Strong command of oral and written English (E).

Education Background:
• Bachelor’s Degree in Information Technology, Computer Engineering or equivalent.

Experience:
• 5 + years of experience in IT Security or relevant discipline.

About the Company

SATORP, in its promising future, is one of the most complex refineries in the world, with a processing capacity of 400,000 barrels per day of Arabian Heavy Crude to produce petroleum products and petrochemicals with commitment to the highest international standards of health, safety and environment; and at the same time having continuous development and leadership in the region. This world-class refinery that came to being out of the expertise of the two oil giants, Saudi Aramco and Total, is located at Jubail Industrial City in the east of Saudi Arabia.