Cybersecurity Specialist📣 Job Ad

About the Role

Yanbu Aramco Sinopec Refining Company (YASREF) Ltd. is seeking a Cybersecurity Specialist to join its team in Yanbu, Al Madinah, Saudi Arabia. This full-time position is integral to establishing and maintaining a robust information security and cybersecurity governance program. The specialist will guide the implementation of cybersecurity practices across the organization, focusing on protecting critical systems and data from cyber threats and malicious attacks. This role is key in ensuring continuous adherence to YASREF's internal and external mandates, safeguarding company and third-party information from data breaches.

Key Responsibilities

• Define, communicate, and control a strong information security and cybersecurity governance program.
• Guide and implement cybersecurity practices and governance within the organization.
• Defend computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
• Establish and implement frameworks and processes for continual adherence to YASREF's internal and external mandates.
• Implement and audit controls to protect company and third-party information from data breaches and cyber-attacks.
• Report regularly to hierarchy, implement pertinent policies, exchange information, and discuss relevant KPIs/performance parameters.
• Develop and update guidelines and procedures for the Information Security Division to meet standard guidelines and compliance requirements.
• Ensure adherence to the Risk Assessment process as per ISO 31000 in line with the Corporate Enterprise Risk Management methodology.
• Conduct internal technical and process risk assessments as part of Self-Assessment activities.
• Review and measure the performance and effectiveness of implemented OT & IT controls, mitigating identified IT Risks/gaps.
• Develop the ability to prevent security incidents, respond quickly to crisis situations, and recover within agreed timeframes.
• Research and recommend appropriate technology controls to prevent, detect, and respond to security compromises.
• Review Information Security postures by scheduling and performing internal security audits, including random audits at vendor facilities.
• Facilitate and maintain audit evidence and closure of audit findings for Internal Audits, including Internal Controls Framework, Enterprise Risk Management (ERM), ISO 27001, ISA 99 / IEC 62443, and Corporate Governance Audits.
• Adopt and align existing IT and OT Controls to meet NIST Cyber Security Framework (NIST-CSF), 800-82, 800-53 requirements, Saudi Arabian Monetary Agency (SAMA), National Cyber Security Authority (NCA), High Commission for Industrial Security (HCIS), ISO 27001, and SANS Top 20 Critical Controls.
• Develop and implement a data classification and privacy framework, assisting business departments with data categorization to ensure adequate technical controls are applied.
• Establish an IT and OT governance body, along with an advisory board, to provide oversight for developing common IT guidelines and procedures for integrated IT/OT security.
• Maintain and continually improve IT Governance functions.
• Review and analyze existing processes including Organizational Information Security, Access Controls, Change Management, Human Resource Security, Incident Management, Asset Management, Operational and Communicational Security, System development and maintenance, Physical Security, IT Continuity, and Compliance controls.
• Impart Information security awareness trainings and conduct Phishing Simulation exercises to measure user awareness levels.
• Design and develop appropriate training programs to enhance security awareness through various media.
• Document resources required, including personnel, in a disaster scenario, and identify recovery priorities.
• Validate and analyze risks of disruptions, prioritize activities, and evaluate disruption-related risks, mitigating problems in line with business continuity objectives.
• Prepare, validate, and deliver an OT and IT continuity requirement sheet with Key Risk Areas (KRA) and Key Performance Indicators (KPI).
• Provide required support for Industrial Control Systems, Electrical Automation Systems, Cybersecurity Systems, network, and their operations.
• Participate in Cybersecurity research and stay abreast of the latest security issues.
• Perform other job-related duties as assigned by the direct Supervisor.

Qualifications and Requirements

• Bachelor's Degree in Computer Science, IT, Computer Engineering, or equivalent.
• Relevant cybersecurity certification.
• Over 10 years of relevant work experience.

Required Skills and Expertise

• Information Security Governance
• Cybersecurity Governance
• Risk Assessment (ISO 31000)
• OT & IT Controls Management
• IT Risk Mitigation
• Security Incident Response
• Technology Controls Implementation
• Internal and Vendor Security Audits
• Internal Controls Framework
• Enterprise Risk Management (ERM)
• ISO 27001, ISA 99 / IEC 62443
• Corporate Governance Audits
• NIST Cyber Security Framework (NIST-CSF), NIST 800-82, NIST 800-53
• Compliance with SAMA, NCA, HCIS regulations
• SANS Top 20 Critical Controls
• Data Classification and Privacy Framework development
• IT and OT Governance
• IT/OT Convergence principles
• IT Governance Functions
• Knowledge of Access Controls, Change Management, Human Resource Security, Incident Management, Asset Management, Operational Security, Communicational Security, System Development and Maintenance, Physical Security, IT Continuity, and Compliance controls.
• Information Security Awareness Training and Phishing Simulation design
• Disaster Recovery Planning and Business Continuity management
• Support for Industrial Control Systems (ICS), Electrical Automation Systems, Cybersecurity Systems, and Network operations.
• Cybersecurity Research
• Strong communication skills.

Work Location and Type

This is a full-time position based in Yanbu, Al Madinah, Saudi Arabia. The role involves work within the city of Yanbu and potentially the broader Medina region.