13 Data Protection jobs in Oman

Job Title: Risk Management & Safety Officer

Reporting Line: Director of Risk Management & Compliance

Location: Muscat, Oman (some local travel may be required)

Job Summary:

The Risk Management & Safety Officer is responsible for identifying, assessing, and mitigating risks to ensure a safe and compliant work environment. This role involves developing risk management policies, ensuring health and safety standards, and promoting a culture of safety within the organization.

Key Duties and Responsibilities:

• Identify and assess risks, developing mitigation strategies to ensure a secure working environment.
• Implement and maintain health, safety, and risk management policies in line with regulatory and organizational standards.
• Conduct safety audits, inspections, and risk assessments to ensure compliance with best practices.
• Provide training and awareness programs for staff on workplace safety and risk management.
• Investigate incidents and accidents, preparing reports and recommending preventive measures.
• Collaborate with various departments to promote a culture of safety and risk awareness.
• Maintain records of incidents, risk assessments, and compliance documentation.
• Stay updated on local and international safety regulations and advise management on best practices.

Qualifications:

• Bachelor’s degree in risk management, Occupational Health & Safety, Business Administration, or a related field.
• Professional certification in risk management or occupational health and safety (e.g., NEBOSH, ISO 45001) is preferred.
• Minimum 3-5 years of experience in risk management and safety roles.

Skills and Competencies:

• Strong knowledge of risk management and safety regulations.
• Excellent analytical and problem-solving skills.
• Effective communication and training abilities.
• Attention to detail with strong organizational skills.
• Ability to work independently and collaboratively.
• Office-based role with occasional on-site inspections and safety audits.
• Some local travel may be required for site visits and training sessions.

The appointment will be made at the appropriate level, according to the appointee’s qualifications and experience. A competitive compensation and benefits package will be offered in accordance with Sultanate of Oman Labor Law.

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.

To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Threat Detection and Response: Identify potential security threats through monitoring network traffic, system logs, and other data sources. Respond quickly to contain and mitigate threats.
• Incident Management: Investigate security incidents, contain breaches, and restore systems to normal operation.
• Vulnerability Management: Identify, classify, and prioritize vulnerabilities in systems and applications. Implement patches and fixes to prevent exploitation.
• Security Information and Event Management (SIEM): Use SIEM tools to monitor, analyze, and respond to security-related data from various sources.
• Compliance and Governance: Ensure security practices comply with regulatory requirements and industry standards.
• Security Awareness Training: Educate employees on security best practices and phishing attacks.
• Continuous Monitoring: Regularly review and update security controls, policies, and procedures.
• Compliance: Ensure compliance with regulatory requirements, such as HIPAA, PCI-DSS, and GDPR.
• Security Policies: Develop and implement security policies, procedures, and standards.
  
  

• Technical expertise in security tools and technologies
• Analytical and problem-solving skills
• Communication and collaboration skills
• Knowledge of security frameworks and regulations
• Ability to work under pressure and respond to incidents quickly
  
  

• SIEM systems
• Intrusion Detection Systems (IDS)
• Firewalls
• Antivirus software
• Vulnerability scanning tools
  
  

• Security frameworks and standards (NIST, ISO 27001)
• Security technologies (firewalls, intrusion detection systems, encryption)
• Compliance regulations (HIPAA, PCI-DSS, GDPR)
  
  

• Cloud Security: Experience with cloud security platforms (AWS, Azure, GCP).
• DevSecOps: Experience with DevSecOps practices and tools.
• Security Automation: Experience with security automation tools (SIEM, SOAR).
  
  

• Threat Detection and Response: Identify potential security threats through monitoring network traffic, system logs, and other data sources. Respond quickly to contain and mitigate threats.
• Incident Management: Investigate security incidents, contain breaches, and restore systems to normal operation.
• Vulnerability Management: Identify, classify, and prioritize vulnerabilities in systems and applications. Implement patches and fixes to prevent exploitation.
• Security Information and Event Management (SIEM): Use SIEM tools to monitor, analyze, and respond to security-related data from various sources.
• Compliance and Governance: Ensure security practices comply with regulatory requirements and industry standards.
• Security Awareness Training: Educate employees on security best practices and phishing attacks.
• Continuous Monitoring: Regularly review and update security controls, policies, and procedures.
• Compliance: Ensure compliance with regulatory requirements, such as HIPAA, PCI-DSS, and GDPR.
• Security Policies: Develop and implement security policies, procedures, and standards.
  
  

• Technical expertise in security tools and technologies
• Analytical and problem-solving skills
• Communication and collaboration skills
• Knowledge of security frameworks and regulations
• Ability to work under pressure and respond to incidents quickly
  
  

• SIEM systems
• Intrusion Detection Systems (IDS)
• Firewalls
• Antivirus software
• Vulnerability scanning tools
  
  

• Security frameworks and standards (NIST, ISO 27001)
• Security technologies (firewalls, intrusion detection systems, encryption)
• Compliance regulations (HIPAA, PCI-DSS, GDPR)
  
  

• Cloud Security: Experience with cloud security platforms (AWS, Azure, GCP).
• DevSecOps: Experience with DevSecOps practices and tools.
• Security Automation: Experience with security automation tools (SIEM, SOAR).
  
  

Company Description

Crowe Mak Ghazali, Auditors and Business Advisors, is a member firm of Crowe Global established in the Sultanate of Oman in 1995. Located in Muscat, we are among the top ten Auditing and Accounting firms in Oman. We offer a wide range of services including accounting, auditing, business consulting, and tax advisory. Our mission is to provide total business solutions to our clients, supporting them from company formation through to full business operations.

Role Description

This is a full-time on-site role for a Senior Information Security Consultant located in Muscat, Oman. The Senior Information Security Consultant will be responsible for managing and implementing Information Security Management Systems (ISMS), ensuring data privacy, overseeing cybersecurity measures, and maintaining network security. Daily tasks include risk assessments, security audits, developing security policies, and providing security training to staff. The role also involves staying updated with the latest security trends and technologies to recommend and apply necessary changes.

Qualifications

Information Security Management System (ISMS) and Information Security Management skills

Data Privacy and Cybersecurity expertise

Network Security management experience

Excellent analytical and problem-solving skills

Strong communication skills and ability to work collaboratively

Relevant certifications such as CISSP, CISA, CISM, or similar

Bachelor’s degree in Information Technology, Cybersecurity, or related field

Experience in the financial or consulting industry is a plus

About Muscat Finance SAOG:

Muscat Finance SAOG is a leading technology driven finance company in Oman, committed to providing innovative financial solutions and excellent customer service. We are dedicated to maintaining the highest standards of integrity, transparency, and security in all our operations.

Role Overview:

We are seeking a highly skilled Information Security Officer to join our team. The successful candidate will be responsible for developing and implementing information security policies and procedures to protect the company's information assets. This includes conducting risk assessments, ensuring compliance with regulatory requirements, and responding to security incidents.

Key Responsibilities:

• Develop, implement, and maintain comprehensive information security policies, standards, and procedures in line with industry best practices (e.g., ISO 27001, NIST) and local regulatory requirements.
• Oversee regular risk assessments, vulnerability assessments , and penetration tests to identify and mitigate potential security threats.
• Monitor security systems and tools for security incidents, anomalies, and breaches, and respond effectively to security incidents.
• Lead incident response efforts, including investigation and post-incident analysis.
• Implement and manage security awareness training programs for all employees to foster a security-conscious culture.
• Evaluate, recommend, and implement new security technologies and solutions to enhance the organization's information security posture.
• Collaborate with IT, operations, and other departments to integrate security into all aspects of business operations.
• Prepare regular reports on the status of information security to Board of Directors and Senior management.
• Manage and oversee third-party security assessments and audits.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree is a plus.
• Minimum of 5 years of progressive experience in technology, with at least 2 years in Information Security role, preferably within the financial services industry.
• Relevant professional certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly preferred.
• Strong understanding of information security frameworks and standards (e.g., ISO 27001, NIST, COBIT).
• Proven experience in conducting risk assessments, vulnerability management, and incident response.
• Familiarity with network security, application security, cloud security, and data protection principles.
• Excellent knowledge of security technologies and tools (e.g., firewalls, SIEM, EDR, DLP).
• Solid understanding of regulatory requirements related to information security in the financial sector.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
• Ability to work independently and as part of a team in a fast-paced environment.

contact email address:

Summary of Role

Responsible for supporting the Information Security Office (ISO) in the implementation and oversight of the Bank’s Governance, Risk, and Compliance (GRC) activities, while assisting in security monitoring and operational tasks related to cybersecurity. The role ensures ongoing alignment with regulatory frameworks, international standards (e.g., ISO 27001, PCI DSS), and the Bank’s internal security policies and procedures.

Key Objectives

Governance, Risk, and Compliance (GRC)

• Monitor implementation of the Information Security Framework in accordance with ISO 27001 and other relevant standards.

• Ensure regular risk assessment is carried out against all third party, outsourced, cloud services and controls are properly applied.

• Assist in preparing, monitoring and submitting MIS reports and key risk indicators (KRIs) related to Information Security.

• Coordinate with internal stakeholders to ensure all change requests are reviewed in accordance with Information Security guidelines.

• Maintain and update records of information security-related policies, procedures, and documentation.

• Ensure completion of all security health checks of ISO tools.

Operational Support

• Oversee access control lists and ensure proper user permissions are in place.

• Ensure Business Continuity (BCM) tools and Information Security solutions are functional at the Disaster Recovery (DR) site.

• Review contracts, annual maintenance agreements, and renewal schedules for security tools and systems.

• Support the audit process by coordinating responses and action plans for Information Security-related findings.

• Participate in security incident investigations and assist in root cause analysis and response documentation.

Awareness & Training

• Organize Information Security awareness programs across the Bank.

• Provide training materials and knowledge-sharing sessions for staff to build security awareness.

• Ensure Training and awareness related to Information security is planned, developed, and delivered to users.

Compliance Monitoring

• Ensure timely submission of deliverables for audit and regulatory compliance.

• Support periodic internal reviews and contribute to the improvement of SOPs.

• Track implementation status of remediation plans for identified vulnerabilities and audit observations.

Other Responsibilities

• Perform additional duties as assigned by the Head of Information Security or Risk Management.

• Maintain version control for Information Security documentation and ensure alignment with approved procedures.

Candidate Specifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.

• Minimum 5 years of relevant experience in Information Security implementation, Governance, or Operations.

Company Description

Crowe Mak Ghazali, Auditors and Business Advisors, is a member firm of Crowe Global established in the Sultanate of Oman in 1995. Located in Muscat, we are among the top ten Auditing and Accounting firms in Oman. We offer a wide range of services including accounting, auditing, business consulting, and tax advisory. Our mission is to provide total business solutions to our clients, supporting them from company formation through to full business operations.

Role Description

This is a full-time on-site role for a Senior Information Security Consultant located in Muscat, Oman. The Senior Information Security Consultant will be responsible for managing and implementing Information Security Management Systems (ISMS), ensuring data privacy, overseeing cybersecurity measures, and maintaining network security. Daily tasks include risk assessments, security audits, developing security policies, and providing security training to staff. The role also involves staying updated with the latest security trends and technologies to recommend and apply necessary changes.

Qualifications

Information Security Management System (ISMS) and Information Security Management skills

Data Privacy and Cybersecurity expertise

Network Security management experience

Excellent analytical and problem-solving skills

Strong communication skills and ability to work collaboratively

Relevant certifications such as CISSP, CISA, CISM, or similar

Bachelor's degree in Information Technology, Cybersecurity, or related field

Experience in the financial or consulting industry is a plus