
OQ
Sr. Specialist IDS Risk, DR & Compliance
- Permanent
- Muscat, Oman
- Experience 5 - 10 yrs
Job expiry date: 01/01/2026
Job overview
- Date posted: 17/11/2025
- Location: Muscat, Oman
- Salary: Undisclosed
- Compensation: Comprehensive package
- Experience: 5 - 10 yrs
- Seniority: Senior & Lead
- Qualification: Bachelor’s degree
- Expiration date: 01/01/2026
Job description
The Sr. Specialist IDS Risk, DR & Compliance at OQ SAOC plays a critical role in safeguarding the organization’s digital infrastructure and ensuring operational resilience across its information and digital systems (IDS). Based in Muscat, Oman, this position provides subject matter expertise and execution capability in three key domains — risk management, disaster recovery (DR), and compliance. The role involves developing and maintaining frameworks, policies, and practices aligned with global standards such as ISO 27001, ISO 27005, NIST RMF, and COBIT to manage technology risks and ensure business continuity. The incumbent will lead DR planning, testing, and readiness across on-premises, private cloud, and hybrid environments, ensuring alignment with ISO 22301. They will oversee regulatory compliance efforts, ensuring adherence to internal policies, Omani data protection laws, and international frameworks like GDPR. The Sr. Specialist will also support incident response operations, act as part of the incident management team during cyber events, and integrate lessons learned into risk and DR programs. Additionally, the role includes delivering training and awareness programs, driving process maturity assessments, and recommending continuous improvements through automation and analytics. This position requires collaboration with IT, cybersecurity, governance, legal, and external regulators to uphold high standards of compliance, resilience, and security within OQ’s digital ecosystem.
Key responsibilities
- Identify, assess, and monitor IDS-related operational, infrastructure, and compliance risks across the enterprise
- Develop and maintain risk registers, perform risk assessments, audits, and gap analyses aligned with ISO 27005 and NIST RMF frameworks
- Define, implement, and monitor control frameworks in collaboration with IT, Cybersecurity, and Enterprise Architecture teams
- Lead the development, implementation, and testing of disaster recovery (DR) plans aligned with ISO 22301 standards
- Define Business Impact Assessments (BIAs), Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs) for critical systems
- Conduct DR simulations, tabletop exercises, and live recovery tests across digital environments
- Ensure DR strategies integrate effectively across on-premises, private cloud, and hybrid cloud systems
- Monitor compliance with internal policies, Omani regulations, and international frameworks such as GDPR and ISO 27001
- Prepare for internal and external audits and maintain a compliance evidence repository
- Perform third-party risk assessments, ensuring vendor compliance through periodic reviews and contractual clauses
- Collaborate with legal and regulatory teams to align with evolving compliance and privacy requirements
- Act as a core member of the Incident Response Team, supporting forensic investigations and post-incident reviews
- Develop and maintain incident response playbooks and support root cause analysis following incidents
- Design and deliver training programs on risk management, DR, and compliance awareness across the organization
- Promote a culture of risk ownership, operational resilience, and compliance within the IDS function
- Monitor global trends in digital risk, cyber resilience, and RegTech to enhance OQ’s frameworks and tools
- Lead process maturity assessments using frameworks like CMMI and develop improvement roadmaps for governance functions
- Propose automation, analytics, and dashboarding enhancements for real-time visibility into risk and compliance metrics
- Collaborate with business continuity leads and external stakeholders to strengthen resilience across OQ group entities
Experience & skills
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related discipline
- Master’s degree or certifications such as CISSP, CISM, CBCP, ISO 27001 Lead Implementer/Auditor preferred
- 6–8 years of experience in cybersecurity, risk management, disaster recovery, or compliance roles
- Strong understanding of regulatory frameworks, including ISO 27001, NIST, COBIT, and ISO 22301
- Knowledge of Omani privacy laws and international data protection regulations (e.g., GDPR)
- Proficiency in risk and compliance management tools and platforms
- Hands-on experience in DR planning, testing, and coordination in hybrid cloud environments
- Experience performing risk assessments, audits, and third-party vendor evaluations
- Familiarity with ITSM processes, SIEM/SOC operations, vulnerability management, and asset classification
- Strong analytical and communication skills, capable of engaging cross-functional stakeholders effectively
- Demonstrated leadership mindset with ability to influence without direct authority
- Ethical conduct, accountability, and a proactive approach to managing ambiguity and regulatory changes
- Fluency in English (Arabic proficiency desirable)
- Ability to work outside standard hours during DR tests or security incidents
- Commitment to continuous improvement, process optimization, and knowledge sharing across the organization