Governance, Risk and Controls Advisor

Reference: BH-292938
  • Location: Iraq, Basrah
  • Contract
  • Oil & Gas

Principal Accountabilities
Department: Information Technology
Location: Basrah/virtual
Job Type: 5/2 (5 working days, 2-day weekends), 8am - 4pm, 8 hours per day, on Iraq working days (Sunday to Thursday)

The GRC (Governance, Risk, and Control) advisor is an Information Security subject matter expert responsible for the overall design, documentation and operation of the Information Security Management System (ISMS) framework, including the required policies, processes and procedures across the whole IT landscape: EUC (End User Computing), applications and network. At a minimum, the role covers setting the Information Security Policy, Information Disclosure, User Access Management, the Vulnerability and Patch Management Process, Third Party Security Management, the Remote Access Procedure, Removable Storage Media Access and the Third-Party Risk Management Framework.

Key Responsibilities
  • Develop the ISMS framework, including the required policies, processes and procedures, and ensure employees know how to access and comply with them
  • Create and establish the following processes and procedures at a minimum: Information Security Policy, Information Disclosure, User Access Management, Vulnerability and Patch Management Process, Third Party Security Management, Remote Access Procedure and Removable Storage Media Access
  • Publish the information security policies and procedures in a central repository, following the approval processes
  • Communicate and socialize the existence of information security documentation, and conduct workshops and training
  • Define a periodic timeline for reviewing and checking the relevance of documented exceptions
  • Define workflow requirements and the staff responsible for exception handling processes
  • Ensure exception lists are kept current and that past exceptions are reviewed periodically and on time to improve the overall process
  • Ensure design and operational effectiveness of the ISMS framework
  • Deliver user awareness and training, including for internal IT users, service managers and service owners
  • Work closely with third-party vendors and partners to deliver managed services and ensure the ISMS framework is embedded in any relevant scope

Capabilities
  • Sound cyber security experience and knowledge
  • Extensive knowledge of ISMS Framework design and operational effectiveness
  • Identifies the overall solution framework whilst maintaining a strong interface with vendors, the IT organization, line-of-business leaders and key users
  • Excellent interpersonal skills to communicate suitably with senior stakeholders and external suppliers
  • Strong business analysis skills and experience, including process modelling
  • Broad knowledge of systems management and operational support tools
  • Strong leadership in developing skills, talent/workforce, and capabilities to grow and embed GRC scope across organization and IT ecosystem

Experience
  • Ideal candidate has 7-10 years in a similar role leading the GRC scope
  • Experience leading the selection and implementation of an ISMS framework
  • Broad IMIT experience giving a solid understanding of the overall landscape, with specific exposure to industry governance or compliance frameworks (ISO, NIST, ITIL)
  • Works independently with minimal oversight and has experience developing and training other IT staff
  • Hands-on experience performing risk assessments, BIAs, and PIAs.
  • Proficiency in working with Zscaler, Microsoft Sentinel, and cloud platforms (Azure, AWS).
  • Experience in implementing controls within complex IT environments.
  • Knowledge of legal and regulatory requirements such as GDPR; ISO 27001 Foundation or Implementer certification.
  • Certified Risk and Information Systems Control (CRISC) or Certified Information Systems Security Professional (CISSP)
  • Privacy impact assessment (PIA) workshops


With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.