Information Security Governance Expert | Sudani

Job Description



Job Title: Information Security Governance Expert
Sector: Strategy
Division: Risk Management & Compliance
Section: Information security
Report to: Information Security Senior Manager

Main Job Purpose:

The primary objective of this role is to assess, monitor, and report on cyber and data risk exposure,
ensuring alignment with Sudani’s security framework, national and international cybersecurity
regulations, and data privacy requirements. This involves evaluating the security controls environment,
assessing the suitability and effectiveness of those controls, and offering expert advice on developing
appropriate security measures to mitigate information security risks.

Duties & Responsibilities:

1. Assess and identify potential cyber and data risks to the organization in alignment with Sudani’s
security framework, national and international cybersecurity regulations, and data privacy
requirements.
2. Continuously monitor the organization’s information security posture, identifying any gaps,
vulnerabilities, or emerging risks and ensuring compliance with applicable standards and
regulations.
3. Regularly evaluate the security controls environment, ensuring they are appropriately designed,
effective, and adequate in mitigating identified risks.
4. Offer expert guidance to internal teams and stakeholders on the development and implementation
of necessary security measures and controls to reduce and manage information security risks.
5. Design and implement strategies and solutions to mitigate identified risks, ensuring that they align
with industry best practices and regulatory requirements.
6. Work closely with business units, IT, legal, and other departments to ensure information security
measures align with business goals and requirements.
7. Develop, review, and update organizational security policies, procedures, and guidelines to ensure
consistency with cybersecurity regulations and the evolving threat landscape.
8. Perform periodic risk assessments to evaluate the effectiveness of current security controls and
make recommendations for improvement.
9. Prepare and present detailed reports to senior management regarding security risks,
vulnerabilities, and compliance status, along with suggested mitigation strategies.
10. Contribute to the creation and delivery of security awareness programs for employees to foster a
culture of security within the organization.
11. Ensure all security-related activities, including risk assessments, audits, and mitigation actions,
are thoroughly documented for future reference and compliance audits.
12. Coordinate and support internal and external security audits to assess the effectiveness of security
controls and ensure compliance with organizational and regulatory standards.

Behavioral competencies:

1. Communication: Strong written and verbal communication skills are necessary to present
complex information security concepts clearly and understandably. Must be able to effectively
report on risks and security findings to both technical and non-technical stakeholders.
2. Collaboration & Teamwork: Ability to work closely with cross-functional teams, including IT,
legal, and business units, to align on security measures, provide guidance, and ensure
consistent execution of information security practices across the organization.
3. Analytical Thinking: Ability to analyze complex cybersecurity issues, assess potential risks,
and make data-driven decisions to enhance information security. This involves a keen attention
to detail and the ability to break down complex security scenarios into actionable steps.
4. Achievement Focus: A strong drive to achieve desired outcomes and security goals. The
individual in this role is results-oriented, consistently striving for success in maintaining robust
information security governance, meeting deadlines, and achieving organizational objectives
while ensuring the organization’s risk exposure is minimized.
5. Managing Resources: Effectively managing the allocation of resources (such as time, budget,
and personnel) to ensure the successful execution of information security governance
strategies. This includes ensuring that sufficient resources are available for risk assessments,
audits, and implementing security controls while staying within the organization’s constraints.
6. Adaptability: Ability to quickly adapt to changing regulatory requirements, new security threats,
and evolving business needs while maintaining effective security governance strategies.

Technical competencies:

1. Secure Controls Framework Expertise: Deep understanding of the Secure Controls Framework
(SCF) and the integration of Security by Design and Privacy by Design principles. Familiarity with
industry-recognized frameworks and standards, including NIST, OWASP, CIS Benchmarks, and
Trust Services Principles, to guide security governance and controls implementation.
2. Legal and Regulatory Compliance Knowledge: In-depth understanding of relevant legal and
regulatory requirements both internally and externally, including data privacy regulations (e.g.,
GDPR, CCPA) and cybersecurity standards, ensuring the organization’s compliance with national
and international laws.
3. Technical Infrastructure and Risk Management: Expertise in technical infrastructure and key
processes, with a focus on security and privacy risk management. Ability to assess and manage
technology-oriented risk issues, ensuring alignment with organizational security objectives.
4. Knowledge of Telecom and IT Systems: Comprehensive knowledge of telecommunications
systems, networking protocols, operating systems, cloud-based solutions, and application
development processes, enabling effective management of security across diverse technology
platforms.
5. Security Policies and Compliance Best Practices: Strong understanding of policy development,
compliance frameworks, and security best practices. Ability to design and implement security
policies aligned with industry standards, organizational goals, and regulatory requirements.
6. Risk Management: Proficiency in identifying, assessing, and managing cyber and data risks using
quantitative and qualitative risk management methodologies. This includes the ability to assess
risk exposure, evaluate potential impacts, and implement appropriate mitigation strategies.
7. Data Privacy & Protection: Proficiency in data protection strategies and techniques, such as
encryption, data masking, and anonymization. Knowledge of privacy laws and regulations (e.g.,
GDPR) and the ability to implement these standards within security governance.

Job Requirements 

(Education, Training or certificates, Experience, Language):
▪ Education: A bachelor’s degree in computer science, information technology, information
security, computer engineering, or related disciplines.
▪ Training or Certificates: Certified Information Systems Security Professional (CISSP) | Certified
Information Systems Auditor (CISA) | Certified Information Security Manager (CISM) | Certified in
Risk and Information Systems Control (CRISC) | ISO 27001 Lead Implementer certificate | ISO 27001
Lead Auditor certificate.
▪ Experience: 6-8 years of experience in Technology/IT, with at least 5 years in an information
security role.
▪ Languages:
• Fluent in English and Arabic (written and spoken).
• Proficiency in French (additional, preferred).
