JOB SCOPE

Determine who requires access to which information. Plan, coordinate and implement information security programs. Responsible for Cybersecurity practice and governance in the organization. Defend computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Establish and implement frameworks and related processes for continual adherence to YASREF's internal and external security mandates. Responsible for implementing and auditing the controls needed to protect both company’s information as well as third party information from data breaches and cyber-attacks.

COMMUNICATION

• Internal : Report and refer on a regular basis with hierarchy. Implement pertinent policies, exchange information, discuss and know relevant KPIs/performance parameters. Provide service to other organizations.

• External: NA

KEY DUTIES AND RESPONSIBILITIES

• Determine who requires access to which information, and then plan, coordinate and implement information security programs.

• Monitor and advice on information security issues to ensure the internal Cybersecurity controls for the YASREF is adequately maintained and operating as intended.

• Participate and publish Cybersecurity policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.

• Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.

• Coordinate and execute Cybersecurity projects for the YASREF.

• Alert top management and Information Technology department in response to Cybersecurity suspects and incidents.

• Participate in conducting organization wide data classification assessment and security audits.

• Participate in creating cryptographic protocols to encrypt emails, files, and other critical data.

• Participate and create incident response plans, annual IT risk assessments and associated risk mitigation and avoidance functions.

• Document Cybersecurity incidents and emergency measures taken, procedures and tests conducted.

• Collaborate with government IT department, legal department to report and comply with safety and security regulations. Implement policies as mandated by law enforcement agencies to manage security vulnerabilities.

• Create, manage and maintain user security awareness among all computer users.

• Participate in YASREF's efforts to comply with ISO 27001 Information security management certification standards.

• Participate in risk assessment process for existing and new projects and ensure Cybersecurity compliance is well covered.

• Create and edit cybersecurity-related documentation. Also write technical specification to assess the application of security safeguards against vulnerabilities.

• Provide the required support for the Industrial Control Systems, Electrical Automation Systems, Cyber security systems, network, and its operation.

• Participate in Cybersecurity researches and keep abreast of latest security issues. Actively participate in the higher education of Cybersecurity.

• Perform other job-related duties as assigned by the direct supervisor.

EDUCATION & CERTIFICATION REQUIREMENTS

• Bachelor’s Degree in Computer Science, IT, Computer Engineering or equivalent.

• Cybersecurity certification

YEARS OF RELEVANT WORK EXPERIENCE

5