Information Security and Data Protection Expert / Sr.Expert

Oman Investment Authority

Responsibilities:

• Develop and maintain the group-wide information security governance framework.
• Define security compliance strategy aligned with regulations and recognized standards (e.g., ISO 27001).
• Review and validate the effectiveness of information security controls implemented by IT and OT trams.
• Monitor compliance with security policies, procedures, and regulatory requirements.
• Conduct independent assessments and gap analyses of cybersecurity and IT/OT risk exposure.
• Coordinate with the IT and OT departments to avoid duplication and ensure role clarity.
• Report significant findings and recommendations to the Director GRC, Asyad Leadership Team Audit Committee, and Board.
• Support business units in understanding and fulfilling their compliance obligations.
• Promote a risk-aware culture through awareness and advisory initiatives.

Data Protection:

• Establish and oversee a data protection framework aligned with the Personal Data Protection Law (PDPL).
• Develop policies and procedures to ensure lawful processing of personal data across all subsidiaries.
• Monitor organizational compliance with data protection obligations and advise on risk mitigation.
• Conduct privacy impact assessments and periodic independent audits.
• Act as the point of contact for regulators and internal stakeholders regarding data privacy matters.
• Maintain records of processing activities and ensure transparency across the data lifecycle.
• Raise awareness and provide training on data protection responsibilities across the group.
• Regularly report on data protection risks, breaches, and status to the Director GRC and the Board.
• Ensure data sharing, outsourcing, and cross-border transfers are assessed and controlled.