Information Security Analyst

Jobs at Saudi Aramco

Position description

We are seeking a seasoned Information Security Analyst to join the Planning & Performance Management Department (P&PMD) of the Planning, Budgeting & Performance Management Center (PB&PMC).

P&PMD is the custodian of the Company Business Plan, Accountability and Quarterly Business Review exercises.

The Information Security analyst is assigned to activities to manage the implementation of the Saudi Aramco Data Protection program which includes, but is not limited to: managing access to information, conducting risk assessments and identifying risks, assisting in IT audits, responding to information security incidents and overseeing and execute information security controls using automated tools and/or manual procedures.

Minimum requirements

As the successful candidate you will hold a Bachelor Degree in Engineering, Business Administration/Commerce, Computer Science, Management Information Systems (MIS), or Physical Sciences.

You will have 7 years of diversified experience in computer systems analysis or/and systems engineering.

You should be able to communicate effectively in English, both orally and written, and have demonstrated abilities in problem analysis and resolution.

Duties & responsibilities

You will be required to perform the following:

Software - Access control and information, data protection, access to profiles, software related updates, risk management, phishing email overview, system access for employees

Hardware - hardware request, liaising with vendors and IT regarding printers and IT assets, IT assets, roles access for employees

Lead efforts of developing and maintaining data protection manual, policies, procedures, and standards based on knowledge of best practices, compliance requirements and continuous improvement.

Ensure that the information protection goals, strategies, standards, procedures and plans that are maintained and are aligned with the corporate information protection control framework.

Communicate with IT Computer Emergency Response Team in case of information security incidents.

Lead risk management activities and coordinate with IT, Industrial Security, Auditing, Law, HR, and corporate business continuity to ensure alignment with corporate risk management program.

Initiate and lead preliminarily internal information security breaches investigations with approval from Corporate Security Services and his organization management.

Report on the overall information protection security posture and strategy and respond to inquiries from management.

Provide technical advice, guidance and assistance to staff.

Lead initiatives to develop and implement internal data protection compliance programs.

Act as the representative and/or assist in any audit or compliance checks related to information security and IT assets.

Implement procedures for tracking and managing information assets and classifying these information assets in compliance corporate policies.

Ensure that effective controls are implemented to eliminate or minimize the impact and probability of the risks associated with information assets.

Ensure that access approval process is developed and access is provided to individuals authorized based on business justification over multiple systems such as SAP, Windows, SharePoint, Active Directory … etc.

Report and encourage reporting of Information Security Observations, system misuse, or security breach, or other irregularities within his admin area and business line.

Ensure that policies for data backup and retention are complied with to ensure that critical data is available and recoverable.

Coordinate Business Continuity requirements activities with other teams.

Enforce the guidelines for Physical Security to secure information processing/storage sites and information processing/storage hardware from physical and environmental threats.

How to apply

If you believe you meet the requirements for this role, please contact us with your CV and state AAS - “Job Title” in the subject.