About the job
The Specialist – IMT Security Governance reports to the Manager – IT Governance. S/he contributes to the development of policies and procedures relating to IT governance, including but not limited to security, identity, and access management (SIAM) and system security utilities, and establishes information and data protection policies and controls.
The Specialist – IMT Security Governance conducts continuous audit activities to assure compliance with security policies, procedures, and standards; follows the execution of action plans related to internal and external audit recommendations. Assists in the development of the IT governance strategy that covers business processes, business enabling systems, operational support systems, and enterprise IT infrastructure.
KEY ROLE ACCOUNTABILITIES
- Responsible for conducting Cyber Security and Risk assessments that include security policies, standards, and controls management process including regular assessment process reviews and updates of the process flow narrative.
- Analyses and documents the existing user access and privilege provisioning/de-provisioning process, conducts process re-engineering to address security gaps, and evaluates the latest technology solutions for identity and privilege management.
- Documents and maintains all records and evidence on implementing a successful information security management system based on the security standards and frameworks adopted by Sidra.
- Supports Risk Management tools, techniques, and procedures to enhance risk management capabilities throughout the Organization.
- Assists in the development of IT Security strategy, policies, standards, guidelines and procedures; reviews existing security policies, standards, guidelines, and procedures and provides advice as to their appropriateness and effectiveness, ensuring that industry best practices are adapted to the needs of the healthcare industry and the region.
- Performs asset discovery and classification, and ensures that the rules of use for assets or systems comply with the enterprise’s information security policies and procedures.
- Develops and assists in implementing processes for detecting, identifying and analyzing security related events in coordination with the Operations Security team.
- Manages the Security Risk Registry, which will include testing, continuous risk assessment monitoring, control execution and artifact collection, audit engagements, and real-time dashboards and reporting; follows up on each risk issue with the relevant business units and escalates any delays or issues as required.
- Works to achieve strategic and operational targets with significant impact on the Information Security and Risk Management results.
- Works with the IT Governance Manager to ensure that all risk assessment issues are understood, raised and resolved. Periodically reviews the effectiveness of this process.
- Implements strategic goals established by Information Security and Risk Management leadership.
- Assists the IMT Governance Manager to ensure that all security audit (internal and external) issues are understood, raised, and resolved.
- Performs on-going security audits to assess effectiveness of policies and procedures and system security safeguards.
- Works closely with Manager IT Governance to create risk probabilities and to consolidate risks in a managed register, including the development of standards and control procedures to treat and remediate based upon business risk appetite and enable compliance across the organization.
- Evaluates potential impacts on business unit operations when new systems are introduced.
- Participates with vendors in the assessment of advanced technologies, tools, etc.
- Investigates industry risk and compliance trends with new technologies and provides guidance and recommendations to the IT Governance Manager.
- Adheres to Sidra’s standards as they appear in the Code of Conduct and Conflict of Interest policies.
- Adheres to and promotes Sidra’s Values.
QUALIFICATIONS & EXPERIENCE
- Bachelor’s degree in the field of computer science, information systems, or computer engineering
- 5+ years of experience working with information Security systems including
- Experience in developing an Information Security Management System
- Experience in identity management, access control, and single-sign-on
- Experience with the following (or equivalent) regulations and frameworks: PCI, HIPAA, and ISO/IEC 2700x
Certification and licensure
CISSP, CISA, CISM, ISO2700x or other equivalent security certification