Senior Information Security Management System (ISMS) Risk Analysis Specialist

Irancell, Tehran

Posted within the last few weeks

Job Description

Roles & Responsibilities

•Coordinate with MTN Group on security risk activities and control standards to ensure aligned and consistent ISMS practices across the Group
•Research and stay abreast of the latest developments in information security to identify related risks in a telco/techco company
•Collaborate in defining, and act upon, OLAs with ITS and NWG for security risk actions to clarify ownership, timelines, and remediation outcomes
•Lead and execute the ISMS risk cycle under ISO/IEC 27001 and NIST CSF to maintain a prioritized and current risk register and treatment plan
•Lead and ensure the existence of proper second-line assurance on the ISMS based on the risk cycle, confirming that risk identification, assessment, and treatment activities are properly executed by responsible teams, and that the risk register is accurate and up to date
•Track risk treatment plans with ITS/NWG control owners to closure to ensure residual risk stays within appetite
•Monitor and drive closure of internal/external audit findings and management actions to prevent repeat findings and improve assurance
•Review the verified implemented measures of the required policies and controls to detect and address deviations and control gaps early
•Oversee the internal ISMS/security audits plan and spot checks to validate control design and operating effectiveness
•Define and enforce risk-based security checklists for new systems and ongoing operations to embed baseline controls pre-go-live and during BAU
•Benchmark security technologies, policies, and standards against Group and industry practices to identify targeted improvement opportunities
•Contribute to security awareness campaigns by providing risk scenarios and lessons learned to reduce human-factor risks and policy exceptions
•Review risk dashboards, heatmaps, and concise management reports to make timely, informed decisions and shape the insights for the Risk Committee and Leadership
•Own and govern the ISMS Risk Track documentation set, evidence library, and audit trail, ensuring end-to-end completeness, version control, and certification/assurance readiness through periodic QA and corrective actions.
•Govern alignment of the ISMS risk register with the Enterprise Risk Management (ERM) taxonomy and risk appetite, setting rules for escalations, acceptances, and transfers, approving or challenging exceptions, and ensuring all risk decisions are formally documented, time-bound, and traceable.
•Monitor the education of related teams and provide awareness of various ISMS risk issues
•Oversee the provision of assurance that Business Continuity Management (BCM) and Disaster Recovery (DR) plans are aligned with ISMS requirements, and monitor their governance, testing, and risk treatment outcomes

Job Requirements

*Education
•BSc. degree in Information Security / Cybersecurity or a related discipline
The following certificates are also considered an advantage:
•ISO/IEC 27001
•NIST Cybersecurity Framework (CSF)
•CISA (Certified Information Systems Auditor)
•CISSP (Certified Information Systems Security Professional)

*Experience
•Minimum of 8 years’ experience in the area of specialization, with experience in supervising others
•Experience working in a medium-sized organization
