About you:
Join us. Unleash your energy within.

If you have world-class ambitions to reach the stars while keeping your feet on the ground, we’re the team for you. We've created a new breed of company – future-focused with reimagined ambition across all disciplines within the energy sector.

We love people who know their own potential and are not afraid to use it. We know that together, we’re far more than the sum of our parts. So, we celebrate people who want to grow and develop as we work together on some of the largest projects on the energy world stage.

We are committed to our diverse and inclusive community – a place where we can all be ourselves, thrive and develop. From day one, we offer a range of family-friendly, inclusive employment policies, flexible working arrangements, and employee networks to support staff from different backgrounds.

As an Equal Opportunities Employer, we value applications from all backgrounds, cultures, and abilities.

We’re a disability-friendly employer and can make adjustments to support you to perform at your best during the recruitment process.

Our purpose and beliefs:
As Kent, we’re tackling the greatest challenge of our time - to bring our world the energy it needs in the most responsible way ever imagined.

It’s the energy of every member of our team driven by our beliefs that is making this happen. Whatever our skill, our language, or our culture. These beliefs define and direct us every day to be the very best - for ourselves, our clients, our key stakeholders, the communities we operate in and the planet:

We PLAY BIG
We thrive on EMOTIONAL AGILITY
We are FANATICAL ABOUT PERFORMANCE
We are built on INFINITE THINKING

Read more about the Purpose, Beliefs and Guiding Principles that drive us:

Our vision for Diversity, Inclusion and Belonging:
We recognise that diversity & inclusion are catalysts for success. We’re heightening awareness on the benefits of people diversity, diversity of experiences and diversity of our perspectives. Creating a culture of inclusivity where all employees feel a sense of belonging.

Our combined energy is fueled by different nationalities, across 6 continents and 24 countries. Our commitment is to celebrate character – no matter what ethnic background, gender, age, religion, identity, or disability.

About the job:

Kent is looking for a Global IT Security and Compliance Director will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The role will provide the vision and leadership necessary to manage the risk to the Kent and will ensure business alignment, effective governance, systems, integrity, and confidentiality.

As a key leader of Kent’s CDIO office reporting directly to the Chief Digital and Information Officer the Global IT Security and Compliance Director, focuses on the governance, risk and compliance aspects of security within the business, The role holder shall further develop and maintain information security policies and processes, ensure appropriate technical cyber defence is in place and manage employee security awareness training. This role serves as a critical resource for employees and leaders regarding information security policy implementation, interpretation, and compliance. The roles assess and prioritises information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics monthly and maturity models.

The role is responsible for reducing information security and cybersecurity risk to Kent by helping to prioritize and drive remediation efforts throughout the organization through the following:

• Acting as a strategic partner to digital, engineering, and delivery leaders to enable secure innovation while managing enterprise, technology, and operational risk.
• Establishing Cyber Strategy and roadmap
• Establishing and maintaining governance and compliance standards.
• Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
• Creating, maintaining, communicating, and enforcing information security policies.
• Advising CDIO and senior executive leadership on risk management, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
• Working with technical teams to ensure adequate cyber protection.
• Measuring and driving maturity improvements, adoption and creating security roadmaps
• Chair Kent’s security council
• Represent as futuristic though leader on secure adoption of new application and AI technologies

The role supports the CDIO and advisory external consultancy on the execution of the Information & Cyber Security Strategy

Skills and Responsibilities:
Responsibilities:

Governance and Compliance

• Develops and owns overall security strategy.
• Owns and manages process for Incident Detection, Containment, Analysis and Response.
• Evaluates new cybersecurity threats and IT trends and develops effective security controls.
• Oversees development of security awareness programs.
• Evaluates potential security breaches, coordinates response, and recommends corrective actions.
• Define and report on information security metrics.
• Review technology architectures and ensure alignment with security best practices.
• Provide governance and oversight for the secure and responsible adoption of AI technologies, including data privacy and protection, model risk, ethical considerations, and compliance with emerging regulatory expectations.
• Oversee security governance for engineering platforms, automation tools, and system integrations, ensuring appropriate controls, access management, and resilience aligned to Kent’s digital delivery model.
• Provide governance and oversight of secure application development practices, ensuring security is embedded across the full software development lifecycle and modern DevOps delivery models.
• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.
• Develops and oversees effective disaster recovery and BCP policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
• Develops, implements and maintains a monthly security risk reporting framework for management teams and governance committees.
• Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that Kent meets both the requirements and intent of its regulatory and compliance obligations.
• Prepares for and facilitates external audit examinations. Works closely with external auditors and ensures requests are completed timely.
• Creates and manages an information security program.

Information Security Risk Assessment

• Identifies, analyses, evaluates, and documents information security risks and controls based on established risk criteria.
• Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks. Recommends controls to mitigate security risks identified via risk assessment process.
• Communicates risk findings and recommendations that are clear and actionable by business stakeholders.

Security Policy Management and Workforce Training and Awareness

• Supports workforce security activities including culture, awareness, and training.
• Facilitates collection of evidence to support investigations of possible security or policy violations.
• Analyses information security incidents in collaboration with other stakeholders.
• Coordinates remediation and awareness training.
• Researches, recommends, and contributes to information security polices, standards, and procedures.
• Assists with the lifecycle management of information security policies and supporting documents.
• Works with other organisational participants to implement information security policies.

Third-party Supplier and Vendor Risk Management

• Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.
• Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
• Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
• Assists with review of information security sections within supplier and client contracts, identifies gaps, and recommends security and data privacy content to close gaps.
  

In addition to the responsibilities listed herein, the employee may be required to perform other ad-hoc tasks as needed or directed by the supervisor or management. These tasks will be within the reasonable scope of the employee's skills, capabilities, and role within the organization. The intent of this provision is to allow for flexibility and adaptability in meeting the dynamic needs of the organization, ensuring that operational requirements can be met efficiently. All such tasks will be assigned considering the employee's current workload and with respect to their professional development.

Your knowledge/skills, education, and experience:
Knowledge/ Qualification/ Training/ Certification:

• Bachelor’s degree from an accredited institution, with degree preferred in Computer Science or Information technology systems security or related field. Master’s degree preferred.

Communication:

• Excellent command of the English language in both oral and written communication and skills.
  

Behavior/ Core Competencies:

• Minimum of ten (10) years within the last twelve (12) years of experience in the field related to the title of the position.
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification.
• Knowledge of Information technology infrastructure library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment.
• Experience in establishing cybersecurity and risk metrics for reporting
• Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
• Demonstrated management skills, e.g. policy development and implementation, personnel administration, staff training and development. Demonstrated ability to work with diverse people; effective oral and written communication skills.
• Knowledge of Energy sector security requirements and regulations
  

HSSEQ:

• The Employee shall observe the Health, Safety, Sustainability, Environment and Quality rules of the Company; it’s clients and the governing authorities of the host country.

Details about the role:
Location: UAE
Relocation required: No
Travel required: Yes
Contract type: Permanent
Experience level: 10+ years