Governance, Rsk & Compliance Specialist

Etihad

Synopsis As part of the Governance, Risk and Compliance team, this role is responsible for Supporting the implementation of the security risk management process, procedures and guidelines - identifying, assessing and controlling risks. They will also manage compliance assessments and supporting activities in audits and certification audits against various standards and track/report compliance implementation. This role is part of the wider Governance, Risk and Compliance team and will require cooperation with corporate compliance functions on the harmonization of security law enforcement activities and conduct IT compliance research and requirement applicability analysis. Accountabilities Proactively seek opportunities to improve the efficiency / effectiveness of the IT security compliance program. Develop, review and revise information security policies and supporting standards aligned with applicable industry best practices and regulations. Assist the Implementation of the security governance, risk and compliance program as directed with a focus on industry regulations and standards, data privacy and internal policies and standards compliance. Operate the enterprise-owned tools that support governance, risk and compliance activities and support service providers in delivering contractual security requirements. Identify and evaluate IT security risk factors and ensure adequate & effective IT security controls exists that mitigate these risks and meet current and future compliance requirements. Demonstrate knowledge of IT security regulatory requirements like NESA, ISO 27001, PCI DSS, GDPR, ADHICS, etc. Provide assurance that IT security risks are effectively identified and addressed in relation to with deployment of new or enhancements in existing information systems and processes. Provide support in coordination activities as required for the IT security component of both internal and external audits. Support in the development, review and publishing of content for security awareness theme and conduct security awareness trainings & simulation exercises. Support the vulnerability detection & remediation program with a focus on vulnerability prioritization and remediation with creation of timely reports & dashboards Education & Experience Knowledge of industry best practice standards pertaining to Information Security, risk management and data privacy Knowledge of and experience with Information Security and GRC tools required. Understanding of international and local regulations pertaining to Aviation, Information Security and data privacy Ability to manage execution of projects by security services providers and internal teams. Ability to learn and adapt quickly to new cybersecurity technologies and skills Very good written and oral communication skills required. A minimum of 5+ years of experience in Cybersecurity. Graduate degree in Computer Science, Management Information Systems or equivalent industry experience.