Job Title : SR. INFORMATION SECURITY RISK ANALYST
Reference Code : OG-7002733
Department
INFORMATION & COMMUNICATION TECHNOLOGY
Primary purpose of job
Enhance corporate information security posture by assessing and managing the risks as per the corporate information security risk management standard.
Assure effective mitigation and communication of the risks to the management and business owners. Provide expert advice (technical and administrative) for management of the risks.
Experience & Skills
Subject matter expert in information and cybersecurity risk management.
Perform risk management activities for IT and OT on business services, business processes and support assets.
Identify critical information systems and supporting systems for QP business processes and projects.
Develop and manage the information security risk register, including the development of risk acceptance reports, and communicate risks to the business and cyber security committee.
Develop treatment, maintain security controls and monitor control effectiveness.
Assess cost-effective security controls for the remediation of risk and evaluate existing information security controls, providing assurance of control implementations as required.
Develop and design the integration and alignment process with corporate ERM.
Education
Bachelor’s degree in information security, computer science, or systems engineering
Professional certifications related to information security, such as ISO 27001, ISO 27005, CISSP, CISA, GIAC, CEH or others
10+ years of relevant professional experience.
Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas
Ability to communicate the urgency and severity of complex risk scenarios in simple language
Knowledge of fundamental security principles and challenges in their practical application
Knowledge of information security capabilities and requirements analysis
Excellent written and verbal business communication skills.