Senior Consultant – Information Security / Cyber Security (Oman) Engineering & Technical
- Location: Muscat, Oman
- Experience Level: 12+ Years (or more)
- Knowledge in Information Security, Business Continuity, IT Service Management & IT Governance & Strategy
- Desired Certification: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), ISO 27001 Lead Auditor / Implementer
- The consultant is responsible for delivering the consulting engagements (e.g. GAP Assessment, Risk Assessment, Policy, Procedure creation). The role requires a solid background in Information Security, ISO 27000, ISO 22301, ISO 20000 and ITIL.
- The Senior Consultant - ISMS role requires broad, high-level technical knowledge and the ability to recommend solutions based on customer business problems or requirements.
- The role requires demonstrated ability to engage in IT and business executive discussions related to IT Governance, Information Security, IT Service Management, Risk Management and Business Continuity.
Detailed Roles and Responsibilities:
- Influencing organization, customers, suppliers, partners and peers on area of expertise
- Advising on the available standards, methods, tools and technologies relevant to area of expertise and how business benefits can be realized
- Leading the customer through consulting engagements by assembling information to determine, document and agree on customer requirements, conducting AS-IS assessments in line with applicable standards and frameworks, conducting Gap Analysis and producing recommendations
- Defining, developing, and implementing policies, processes, and procedures aligned to standards, and frameworks
- Developing templates, guidelines and other job aids to use the implemented policies, processes and procedures
- Assessing and formulating tool requirements to execute the processes and ensuring that all the processes are institutionalized within customer environment
- Conducting periodic compliance audits / assessments against defined processes and various quality models such as ISO, ISO 22301, and ISO 27000 series.
- Reporting, ensuring and facilitating closure of all non-conformities by driving/initiating corrective actions within customer environment
- Developing Metrics/KPIs and performing data collection related to the processes deployed, driving analysis and improvements based on recommendations
- Contributing to internal best practices, processes and methodology documents pertaining to area of specialism
Key Personal Attributes
- Client facing experience is a must
- Pre-sales & delivery experience is a must
- Interpersonal skills to interact in team environment and foster client relationships
- Ability to communicate technical risk issues effectively to customers who may, at times, have a non-technical background
- Ability to write technical reports, detailed presentations and documentation
- Demonstrated understanding of the importance of business ethics
- Must be able to handle highly confidential information in a strictly professional manner
- Must be able to maintain a professional demeanor in times of high stress
- Open to travel as per the job requirements. It would depend upon the assignment as well.
- Project management skills and an ability to translate business requirements into technical IT security deliverables
Qualification & Skills
- Extensive experience with ISO 27001 and ISO 22301 standards
- Degree in Computer Science or Engineering (Master's Degree is desirable)
- Accreditations/Certifications e.g. COBIT, ISO 27001 LA/LI, ISO 22301 LA/LI, CISA, CISSP, PMP, CompTIA CASP, CRISC, CCSK
- Extensive experience with performing security risk assessments
- Ability to define and implement security processes across different departments and working with different stakeholders
- Extensive experience with Application Security controls, tools and processes
- Familiar with common security vulnerabilities and mitigating techniques
- Familiar with EU regulatory requirements as well as other relevant international security standards
- Knowledge of security protocols and common attack vectors, with a willingness to maintain up to date threat knowledge
- Strong IT technical knowledge