Log In
Sign Up
Job Description
Location: Muscat, Oman
Experience Level : 12+ Years ( or more)
Knowledge in Information Security, Business Continuity, IT Service Management & IT Governance & Strategy
Desired Certification: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), ISO 27001 Lead Auditor / Implementer
Job Description
Experience Level : 12+ Years ( or more)
Knowledge in Information Security, Business Continuity, IT Service Management & IT Governance & Strategy
Desired Certification: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), ISO 27001 Lead Auditor / Implementer
Job Description
The consultant is responsible for delivering the consulting engagements (for e.g. GAP Assessment, Risk Assessment, Policy, Procedure creation). The role requires solid background in Information Security, ISO 27000, ISO 22301, ISO 20000 and ITIL.
The Senior consultant – ISMS role requires broad high level technical knowledge and the ability to recommend solutions based on customer business problems or requirements.
The role requires demonstrated ability to engage in IT and business executive discussions related to IT Governance, Information Security, IT Service Management, Risk Management and Business Continuity.
Detailed Roles and Responsibilities:
OPERATIONAL:
Influencing organization, customers, suppliers, partners and peers on area of expertise
Advising on the available standards, methods, tools and technologies relevant to area of expertise and how business benefits can be realized
Lead customer through consulting engagements by assembling information to determine, document and agree customer requirements, conducting AS-IS assessment in line with applicable standards and frameworks, conducting Gap Analysis and producing recommendations
Defining, developing, and implementing policies, processes, and procedures aligned to standards, and frameworks
Developing templates, guidelines and other job aids to use the implemented policies, processes and procedures
Assessing and formulating tool requirements to execute the processes and ensuring that all the processes are institutionalized within customer environment
Conducting periodic compliance audits / assessments against defined processes and various quality models such as ISO, ISO 22301, and ISO 27000 series.
Reporting, ensuring and facilitating closure of all non-conformities by driving/initiating corrective actions within customer environment
Developing Metrics/KPIs and performing data collection related to the processes deployed, driving analysis and improvements based on recommendations
Contributing to internal best practices, processes and methodology documents pertaining to area of specialism
Key Personal Attributes
Client facing experience is a must
Pres-sales & delivery experience is a must
Interpersonal skills to interact in team environment and foster client relationships
Ability to communicate technical risk issues effectively, to customers who may, at times, have a non- technical background
Ability to write technical reports, detailed presentations and documentation
Demonstrated understanding of the importance of business ethics
Must be able to handle highly confidential information in a strictly professional manner
Must be able to maintain professional demeanor in times of high stress
Open to travel as per the job requirements. It would depend upon the assignment as well.
Project management skills and an ability to translate business requirements into technical IT security deliverables
Qualification & Skills
Extensive experience with ISO 27001 and ISO 22301 standards
Degree in Computer Science or Engineering ( Master Degree is desirable)
Accreditations/Certifications e.g. COBIT, ISO 27001 LA/LI, ISO 22301 LA/LI, CISA,CISSP, PMP,CompTIA CASP, CRISC, CCSK
Extensive experience with performing security risk assessments
Ability to define and implement security processes across different departments and working with different stakeholders
Extensive experience with Application Security controls, tools and processes
Familiar with common security vulnerabilities and mitigating techniques
Familiar with EU regulatory requirements as well as other relevant international security standards
Knowledge of security protocols and common attack vectors, with a willingness to maintain up to date threat knowledge
Strong IT technical knowledge
