OQ
Sr. Specialist IDS Risk, DR & Compliance
- Permanent
- Muscat, Oman
- Experience 5 - 10 yrs
Job overview
Date posted
17/11/2025
Location
Muscat, Oman
Salary
Undisclosed
Compensation
Comprehensive package
Experience
5 - 10 yrs
Seniority
Senior & Lead
Qualification
Bachelors degree
Expiration date
01/01/2026
Job description
The Sr. Specialist IDS Risk, DR & Compliance at OQ SAOC plays a critical role in safeguarding the organization’s digital infrastructure and ensuring operational resilience across its information and digital systems (IDS). Based in Muscat, Oman, this position provides subject matter expertise and execution capability in three key domains — risk management, disaster recovery (DR), and compliance. The role involves developing and maintaining frameworks, policies, and practices aligned with global standards such as ISO 27001, ISO 27005, NIST RMF, and COBIT to manage technology risks and ensure business continuity. The incumbent will lead DR planning, testing, and readiness across on-premises, private cloud, and hybrid environments, ensuring alignment with ISO 22301. They will oversee regulatory compliance efforts, ensuring adherence to internal policies, Omani data protection laws, and international frameworks like GDPR. The Sr. Specialist will also support incident response operations, act as part of the incident management team during cyber events, and integrate lessons learned into risk and DR programs. Additionally, the role includes delivering training and awareness programs, driving process maturity assessments, and recommending continuous improvements through automation and analytics. This position requires collaboration with IT, cybersecurity, governance, legal, and external regulators to uphold high standards of compliance, resilience, and security within OQ’s digital ecosystem.
Required skills
Key responsibilities
- Identify, assess, and monitor IDS-related operational, infrastructure, and compliance risks across the enterprise
- Develop and maintain risk registers, perform risk assessments, audits, and gap analyses aligned with ISO 27005 and NIST RMF frameworks
- Define, implement, and monitor control frameworks in collaboration with IT, Cybersecurity, and Enterprise Architecture teams
- Lead the development, implementation, and testing of disaster recovery (DR) plans aligned with ISO 22301 standards
- Define Business Impact Assessments (BIAs), Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs) for critical systems
- Conduct DR simulations, tabletop exercises, and live recovery tests across digital environments
- Ensure DR strategies integrate effectively across on-premises, private cloud, and hybrid cloud systems
- Monitor compliance with internal policies, Omani regulations, and international frameworks such as GDPR and ISO 27001
- Prepare for internal and external audits and maintain a compliance evidence repository
- Perform third-party risk assessments, ensuring vendor compliance through periodic reviews and contractual clauses
- Collaborate with legal and regulatory teams to align with evolving compliance and privacy requirements
- Act as a core member of the Incident Response Team, supporting forensic investigations and post-incident reviews
- Develop and maintain incident response playbooks and support root cause analysis following incidents
- Design and deliver training programs on risk management, DR, and compliance awareness across the organization
- Promote a culture of risk ownership, operational resilience, and compliance within the IDS function
- Monitor global trends in digital risk, cyber resilience, and RegTech to enhance OQ’s frameworks and tools
- Lead process maturity assessments using frameworks like CMMI and develop improvement roadmaps for governance functions
- Propose automation, analytics, and dashboarding enhancements for real-time visibility into risk and compliance metrics
- Collaborate with business continuity leads and external stakeholders to strengthen resilience across OQ group entities
Experience & skills
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related discipline
- Master’s degree or certifications such as CISSP, CISM, CBCP, ISO 27001 Lead Implementer/Auditor preferred
- 6–8 years of experience in cybersecurity, risk management, disaster recovery, or compliance roles
- Strong understanding of regulatory frameworks, including ISO 27001, NIST, COBIT, and ISO 22301
- Knowledge of Omani privacy laws and international data protection regulations (e.g., GDPR)
- Proficiency in risk and compliance management tools and platforms
- Hands-on experience in DR planning, testing, and coordination in hybrid cloud environments
- Experience performing risk assessments, audits, and third-party vendor evaluations
- Familiarity with ITSM processes, SIEM/SOC operations, vulnerability management, and asset classification
- Strong analytical and communication skills, capable of engaging cross-functional stakeholders effectively
- Demonstrated leadership mindset with ability to influence without direct authority
- Ethical conduct, accountability, and a proactive approach to managing ambiguity and regulatory changes
- Fluency in English (Arabic proficiency desirable)
- Ability to work outside standard hours during DR tests or security incidents
- Commitment to continuous improvement, process optimization, and knowledge sharing across the organization
