Role: Senior RSA Archer Cyber Security Engineer
Location: Jubail, Saudi Arabia
Required Duration: 12 months +
RSA Archer Consultant & GRC Officer, IT Security Enablement
· Full understanding of RSA Archer modules such as Risk Management, Compliance Management, Policy Management, Enterprise Management, Incident Management, Threat Management, Business Continuity Management, and other modules (is required).
· Minimum experience in implementation of 3 different RSA Archer GRC
· Formulating business requirements, security requirements and IT requirements for RSA Archer (is required).
· Minimum 5 years of experience in Information Security (is required).
· Experience in Information Security Governance (is a plus).
· SABSA foundation certification (is a plus)
· Understand the business processes and the services provided in SABIC
· Understand what types and nature of technologies are implemented
· Understand the information security practices and its related business contexts (internal and external) along with the security technologies and personnel’s roles and responsibilities.
· Communicate with stakeholders to ensure all the technical and non-technical requirements are covered and long-term ROI is maintained
· Ensure that all parties (such as SOC, Help Desk, System Admins, NOC, Application Support, Security Governance, Security Architecture amongst others) are aligned and managed in line with SABIC’s direction and the security direction.
· Understand the process exactly, the associated technologies, and whether it requires manual inputs besides the integration; then understand the essential factors such as input data, security controls (many types of controls, including configuration level), risks (many types of risks) and business assets, so that all the given data leads to operational modules of Archer.
· Manage the technical implementation accurately, facilitate technical expertise and decide upon the approach, the integration with the technologies and processes of SABIC, and the expected reports and outputs that simulate what SABIC is doing today, while ensuring segregation of duties with respect to access to RSA Archer.
· Ensure that all end to end security and GRC processes are operational through RSA Archer, and into the production of SABIC’s day-to-day operations.
· Manage policies and exceptions, link controls to risks and regulations, develop risk criteria, assign ownership and follow up with the owners, make Archer reflect SABIC’s real business logic, address security alerts through SIEM to effectively escalate, investigate, and resolve security incidents, classify assets, prioritize vulnerabilities and maintain business criteria.
· Maintain a team of admins and end users of Archer, including himself, to work on RSA Archer, and build its own catalogue to be part of SABIC’s service catalogue.
· Brief understanding of the SABSA framework that will be applied on RSA Archer, so that all the artifacts and the architecture process are implemented and followed through Archer. Risks will be associated with controls, which will show what layer of the architecture has been reached in SABIC, associated with business requirements, drivers, attributes, and domain authorities. Any change or GRC initiative must then be linked to these artifacts in order to operate SABSA in real life.