Overview
Job Description
Job Title: Senior Consultant
Job Code: 569067
Grade: I4
Group:
Division: Absher Division
Department: Cybersecurity
Unit:
ROLE PURPOSE
The aim is to state the overall significance of the job from the organization’s perspective.
To assess and document Elm's cybersecurity compliance and risk posture related to information assets, and provide specialized information security expertise to support the development and implementation of cybersecurity governance, risk management, compliance, awareness, assessment, and policy programs in alignment with Elm's policies, regulatory requirements, and information security standards.
Key Accountabilities & Activities
This section describes the principal outputs required from the job.
Key Accountabilities
Key Activities
- Cybersecurity Governance Operations
  - Execute day-to-day cybersecurity governance activities in accordance with established standards, procedures, and departmental requirements.
  - Prepare timely and accurate cybersecurity governance reports to support company and department requirements, policies, and standards.
  - Identify opportunities to improve cybersecurity governance processes, practices, reporting, and operational efficiency.
- Cybersecurity Compliance Management
  - Implement procedures and controls to support compliance with applicable regulatory, legal, and internal cybersecurity requirements.
  - Support the development and implementation of effective policies and practices to secure protected and sensitive data.
  - Monitor compliance status and follow up on required corrective actions to address cybersecurity compliance gaps.
- Cybersecurity Risk Management
  - Support the implementation of the information security risk management program to identify, assess, document, and monitor cybersecurity risks.
  - Establish and conduct risk analysis and self-assessments for information systems, services, and related processes.
  - Maintain visibility of cybersecurity risk exposure and support mitigation planning with relevant stakeholders.
- Policies, Standards & Guidelines
  - Develop, maintain, and review Elm's cybersecurity policies, standards, guidelines, and baselines to ensure continued relevance and compliance.
  - Ensure cybersecurity policies and standards are reviewed and updated regularly based on regulatory changes, emerging threats, and business needs.
  - Promote consistent adoption of cybersecurity policies, standards, and guidelines across relevant teams and business units.
- Audits, Assessments & Remediation
  - Coordinate with Internal Audit, Corporate Compliance, Risk Management, and external consultants on cybersecurity assessments and audits.
  - Track new and outstanding cybersecurity issues and support remediation activities with relevant internal stakeholders.
  - Support internal and external audits, compliance checks, and assessment processes, including PCI DSS and ISO 2700x related activities.
- Cybersecurity Awareness & Enablement
  - Promote and monitor Elm's cybersecurity awareness program to strengthen security culture and compliance across the organization.
  - Provide guidance and knowledge sharing to internal teams and external clients when required on cybersecurity governance and compliance matters.
  - Maintain cybersecurity governance, risk, and compliance expertise through continuous training, research, and awareness of security trends.
- Data Classification & Records Retention
  - Support the development, promotion, and monitoring of Elm electronic records retention practices in coordination with relevant business units.
  - Work with business units to support proper data classification and protection of sensitive information assets.
  - Ensure data classification and records retention activities are aligned with cybersecurity, privacy, and compliance requirements.
- Stakeholder Engagement & Advisory Support
  - Establish and maintain strong working relationships with technology teams, operations teams, business units, and relevant governance stakeholders.
  - Coordinate with privacy and security stakeholders to support ISO information security requirements, penetration testing activities, and internal security policies.
  - Provide cybersecurity governance, risk, and compliance advisory support to enable secure service delivery and effective control implementation.
- Policies, Processes & Procedures
  - Follow all relevant departmental policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
  - Comply with all relevant safety, quality and environmental management policies, procedures and controls to ensure a healthy and safe work environment.
- Information Security
  - Comply with all relevant information security practices and standards to ensure data integrity and confidentiality.
JOB SPECIFICATIONS
Academic And Professional Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Information Security, Computer Science, or a related field.
- Master's degree or relevant professional certifications in cybersecurity, risk, governance, or compliance are preferred.
Years And Nature Of Experience
- 6+ years of relevant experience in cybersecurity governance, risk management, compliance, information security, audits, assessments, or related fields.