AMENDMENTS: JOB ROLE AND RESPONSIBILITIES BSA (CSL) SHALL:
1. Oversee the assigned department's/organization's computer security program ensuring compliance with the Company's Information
Manage the internal processes and procedures to comply with Information Security Policy in the organization(s) which he/she supports.
Communicate recently approved additions, deletions or amendments to the Information Security Policy to department management and
Document and report non-compliance or misuse of granted privileges and services as required by Incident Reporting Processes and
supporting Information Protection Standards and Guidelines (IPSAG).
2. Conduct business risk assessments related to computing resources within his/her area of responsibilities and take appropriate remedial
action, including notifying his/her management and Computer Security Administration (CSA) regarding security risks, or IT regarding
3. Enhance department-level access requirements documentation, and ensure the availability of applicable support systems and related
processes to assign, monitor and delete when such accesses are no longer required.
Ensure removal of access assigned for resigned, transferred or terminated employees immediately.
4. Maintain department data classification as per GI710.002 Classification and handling of Sensitive Information requirements and take
appropriate action(s) in order to comply with sensitive and confidential data.
5. Obtain department head approval for access requirements especially for critical resources and maintain records of such approvals.
6. Manage Active Directory resources for users under his/her area of responsibility:
Enables and resets user's Domain account.
7. Manage Email Exchange security groups and profiles for users under his/her area of responsibility.
8. Monitor permissions to use network resources, e.g. shared folders and printers.
9. Monitor SAP users' access and roles for users under his/her area of responsibility.
10. Monitor and process temporary administrator rights requests to install, maintain and/or delete approved programs, hardware.
11. Conduct computer security awareness for the users he/she supports. Also, report any computer or system misuse or other
irregularity. He/She must be able to do several awareness presentations to his/her organization during the operational year, or as required.
12. Coordinate Business Continuity requirements for his/her organization in order to comply with the approved corporate Business Continuity
13. Ensure periodic physical inventory verification, at least once every six (6) months, of all assigned end-user devices under his/her custody.
Reconcile a Physical Inventory Report, which needs to be reviewed and approved by the Division and Department Heads. Inventory
discrepancies shall be investigated, and any lost or stolen device(s) shall be reported to Industrial Security Operations for appropriate
follow-up action. A record of follow-up is maintained for future reference and inventory reconciliation.
14. Ensure accurate inventory database records for his/her department's applications, software, hardware and network devices, and identify
ownership of the inventory items by updating the corporate IT Asset Management System to comply with the requirements of GI 299.010:
Request physical ID for equipment that does not have one through SAP PRC.
Update the end-users' location and contact information for devices within his/her area of responsibility.
15. Manage and coordinate the requesting of IT computer resources.
16. Ensure that all software and data on all surplus computer equipment are sanitized prior to disposition using Company-authorized
17. Manage and maintain IT shared assets under his/her area of responsibility.
18. Ensure that employees who are no longer working in his/her areas of responsibility are cleared and signed-off according to company
policies and procedures. The scope includes all IT-issued end-user devices under his/her custodianship.
19. Report to and advise department head regarding information security concerns and issues.
20. Participate, if requested by Corporate Security Services, in investigations of breaches of Saudi Aramco Policies and Standards within the
organization(s) he/she supports:
Liaise with Computer Security Administrator, information protection organizations, and Access Control Groups (ACGs), as needed.
21. Represent his/her organization in computer security related issues and incidents as directed by management.
22. Be the focal point of contact and perform support procedures when a penetration test or compliance assessment is performed within