Lead - Cyber Security

Oman Investment Authority

KEY ACCOUNTABILITIES:

• Lead the implementation, monitoring, and continuous enhancement of the organization s information security and IT risk management program to safeguard the confidentiality, integrity, and availability of information assets.
• Lead the development, review, and maintenance of information security policies, standards, procedures, and guidelines.
• Oversee the effectiveness of security controls and recommend enhancements to address identified gaps and strengthen the overall control environment.
• Lead vulnerability assessment activities and ensure timely remediation of identified security weaknesses through close coordination with relevant stakeholders.
• Oversee security incident monitoring, investigation, response, and reporting, ensuring timely escalation, root cause analysis, and corrective actions.
• Review audit trails, system logs, and monitoring reports to identify suspicious activities, investigate anomalies, and ensure compliance with internal policies and audit requirements.
• Coordinate and oversee security testing activities for systems, networks, applications, and infrastructure, ensuring remediation plans are implemented and tracked to closure.
• Work closely with infrastructure, applications, and other technology teams to ensure cybersecurity requirements are embedded into systems, projects, and change initiatives from design through implementation.
• Act as the focal point for internal and external cybersecurity audits, ensuring timely closure of audit findings and continuous improvement of control effectiveness.
• Lead cybersecurity risk assessments and maintain cybersecurity risk registers, including recommendations for mitigation, treatment, and ongoing risk monitoring.
• Contribute to business continuity, disaster recovery, and cyber resilience planning to ensure cybersecurity considerations are adequately addressed.
• Lead cybersecurity awareness initiatives and provide guidance to employees on information security policies, cyber risks, and best practices.
• Stay abreast of emerging cyber threats, vulnerabilities, technologies, and industry trends, and provide recommendations to management on actions required to strengthen the organization s security posture.
• Prepare and present periodic cybersecurity reports, dashboards, risk updates, and key insights to management and relevant stakeholders.
• Provide technical guidance and subject matter expertise on cybersecurity matters across the organization.
• Perform any other related duties assigned by management