Details

 

Risk Management

·       Identify, assess, and monitor IDS-related risks including, operational, infrastructure, and compliance risks.

·       Conduct periodic risk assessments, internal audits, and gap analyses.

·       Collaborate with IT, Cybersecurity, and Enterprise Architecture teams to define and implement control frameworks aligned to ISO 27005, NIST RMF, and COBIT principles.

·       Maintain a centralized risk register and ensure timely mitigation, acceptance, transfer, or avoidance strategies for each identified risk.

·       Regularly review risk appetite, metrics, and thresholds in collaboration with Governance and Internal Audit functions.

Disaster Recovery (DR) Planning

·       Lead the design, implementation, testing, and continual improvement of IDS DR plans aligned with ISO 22301.

·       Define business impact assessments (BIAs), RTOs (Recovery Time Objectives), and RPOs (Recovery Point Objectives) for critical systems and applications.

·       Coordinate DR simulations, tabletop exercises, and live recovery tests across OQ’s digital environments.

·       Ensure DR strategies are aligned with on-premises, private cloud, and hybrid cloud environments.

·       Collaborate with business continuity leads across group entities to ensure interdependency planning and resilience readiness.

Compliance Management

·       Monitor and ensure compliance with internal policies, national regulations (e.g., Omani privacy laws), and global frameworks (e.g., GDPR, ISO 27001).

·       Prepare for internal and external audits by maintaining a compliance evidence repository, ensuring traceability and accountability.

·       Contribute to the development and update of IDS policies, procedures, Process and SOPs.

·       Conduct third-party risk assessments and ensure vendor compliance through contract clauses, periodic reviews, and audits.

·       Liaise with legal, risk, and regulatory teams for evolving requirements.

Incident Response

·       Act as a core member of the Incident Response Team for IDS-related incidents.

·       Help establish and maintain response playbooks for cyberattacks, data breaches, outages, and system compromises.

·       Support forensic investigations and root cause analysis following incidents.

·       Lead post-incident reviews and implement lessons learned into the risk and DR frameworks.

Training and Awareness

·       Design and deliver role-based training programs on risk management, DR awareness, and compliance best practices for IDS teams and business users.

·       Drive a culture of risk ownership, security awareness, and policy compliance.

·       Build and maintain a knowledge hub for best practices and regulatory updates.

Continuous Improvement

·       Monitor global trends in cyber resilience, regulatory technology (RegTech), and digital risk.

·       Propose enhancements to current systems including automation, data analytics, and integrated dashboards for real-time visibility.

·       Lead process maturity assessments using CMMI or similar frameworks and develop improvement roadmaps.