Information Security Analyst

Job Description

Req Number: 18428BR

Position Description:
We are seeking an Information Security Analyst to join Saudi Aramco’s Marine Department in Ras Tanura.

The Marine Department is a vital part of Saudi Aramco’s Industrial Services. The department has a reliable fleet of vessels to provide an assortment of Marine Services, to support the exploration, production, and transportation of oil, in and around Saudi Aramco’s offshore concession areas.

The Information Security Analyst primary responsibility is to develop and execute the Data Protection Program (DPP) and implement proper information security controls to safeguard the organization’s information assets.

Minimum Requirements:
As the successful candidate, you will hold a Bachelor degree in Computer Science, Computer Engineering Management, Information Management, Information Security or related degree.

You will have 5 years of experience in computer system analysis or which 2 years are spent within information security.

Duties & Responsibilities:
You will be required to perform the following:

Perform risk assessment to identify business risks, threats, and vulnerabilities related to information assets.

Coordinate with the information assets owner to identify and document adequate controls using risk based and business impact assessment to mitigate risks.

Ensure that appropriate awareness techniques for the awareness programs are selected, and perform regular awareness events to the Marine Department staff during the operational year.

Communicate data protection policies and requirements to external (3rd) parties and vendors

Participate in the performance of internal data protection reviews to assess the completeness and compliance of the critical functions and controls implemented as part of the Data Protection Program, such as information asset management, risk assessment and risk treatment.

Ensure regular compliance checks to verify the level of awareness, compliance, and effectiveness of implemented data protection program.

Analyze violations of computer security procedures and provide recommendations to management to mitigate such violations.

Ensure regular compliance checks to verify the level of awareness, compliance, and effectiveness of implemented data protection program.

Identify, classify, establish and manage inventory of information assets within his/her organization.

Enforce and administer that best practices for Access Control are implemented to safeguard information and computing resources of Saudi Aramco, such as least privilege, need to know, and limited time
access, access review, SAP role certification, use of Active Directory and HR Security groups.

Promote information/computing security awareness and training to users in the Marine Department.

Participate if requested into investigations of breaches of Saudi Aramco Policies and Standards within the Department.

Report and encourage reporting of Information Security Observations, system misuse, or security breach, or other irregularities within the Department.

Identify and document the business data that require backup to support business continuity and ensure that critical data is stored on an IT provided storage systems to protect the confidentiality, integrity, and availability of critical data.

Enforce the guidelines for Physical Security in the organization to secure information processing/storage sites and information processing/storage hardware from physical and environmental threats.

Ensure that data protection controls are applied as appropriate for non-IT managed software.

Act as the focal point for external compliance checks and audits

Ensure that proper corrective and preventive actions are executed on a timely basis to ensure proper resolution of the identified information protection (IP) observations.

Review violations and monitoring reports provided by IT.

About us:
Saudi Aramco’s Industrial Relations (IR) Business line is dedicated to building, maintaining and enhancing the relationships the Company develops with people and institutions inside the Kingdom and around the world. It is through the IR business line that the Company cares for the health, wellbeing and security of its employees and their families, maintains the high quality of life found in Company communities, operates the school system for the children of expatriate employees, and communicates with various audiences through a variety of media, including print publications, events, films and websites. Saudi Aramco operates one of the largest and most successful industrial and professional training programs on the planet to ensure that its employees are provided with the training they need to meet emerging challenges. The Company’s wide-ranging corporate citizenship activities, which focus on the areas of environmental protection, knowledge, community and the economy, are also the responsibility of the IR business line.