Saudi Aramco Careers

IT Security Risk Management Analyst

Saudi Arabia
information technology


Job Description

Requisition ID: 1419632

Req Number: 17036BR

Position Description:
We are seeking an IT Security Risk Management Analyst to join the Risk Management Division of the Information Security Department.

The Risk Management Division is responsible for maintaining the information security risk registers, risk management strategy, and the risk management implementation of the global operations of the company.

You will join the Information Security Risk Management team in risk identification, risk governance and risk monitoring for the global operations of the Company. You are required to interact with various technical IT organizations, business analysts, and with high-level management. You are also responsible for regular technical report writing, information security risk analyses, and conducting presentations are fundamental in this position.

Minimum Requirements:
As the successful candidate you will hold a Bachelor’s degree in computer science/engineering, management information systems (MIS’s), or a related bachelor’s degree in information technology from a recognized and approved program. An advanced degree in cybersecurity is preferred.

You will have 10 years of experience in information security, including at least 5 years in conducting information security risk assessments or audits.

You must have good interpersonal skills and be fluent in written and oral English. Proficiency in the Arabic language is preferred but is not required.

You will have strong technical knowledge in IT networking, software development, databases, and in operating systems.

You will have the ability to write professional reports, develop and deliver professional presentations, work with individuals and groups at different organizational levels, and demonstrate constructive and assertive communication skills.

A background and knowledge in the oil and gas industry is preferred, and an in-depth understanding of information security governance, risk management, and compliance is required.

You have the following highly desired certifications:

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk Management Assurance (CRMA)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Auditor (CISA)

Certified Information Security Manager (CISM)

Duties & Responsibilities:
You will be required to perform the following:

Conduct information security risk assessments at technical and business levels in coordination with various individuals and groups. Complete risk assessment reports and provide presentations about them.

Conduct and facilitate information security risk identification, risk analysis, risk prioritization, risk treatment plan, and risk monitoring.

Provide guidance to improve information security risk management practices and conduct evaluation of risk management performance.

Define and maintain information security risk management framework, processes, and procedures.

Define and maintain risk registers, risk profiles, and risk metrics.

Develop documentations, presentations, and reports.

Coordinate and work with other information security organizations within the Company.

Lead or participate in information security projects.

About us:
The Engineering & Project Management (E&PM) business line studies, plans and oversees the construction of the Company’s new facilities, including some of the biggest and most complex projects in the petroleum industry. Recently, Saudi Aramco completed the largest capital program in its history that included new or expanded oil, gas and petrochemical facilities, raising maximum sustainable crude oil production capacity to 12 million barrels per day and significantly increasing gas production and processing capacities. Among the recently completed projects was the largest crude oil increment in the history of the industry: Khurais, with a production capacity of 1.2 million barrels per day. More challenges lie ahead, with a slate of new or expanded oil, gas, refining and petrochemical projects in the works. E&PM also manages the Company’s Research & Development Center where scientists investigate topics such as the desulfurization of crude oil, advanced fuel formulations for next generation combustion engines, and reservoir nano-scale robots (Resbots™) for injection into reservoirs to record their properties.