Principal Advisor (OT)
Principal Advisor, IT Compliance and Controls
Oyu Tolgoi’s workforce today is more than 93 per cent Mongolian, and a major strategic focus for the company is to develop a skilled workforce that is continuously learning. We aim to attract the best talent, so that we can together deliver a safe and globally competitive copper business that contributes to the prosperity of Mongolia.
We are looking for one (1) Principal Advisor, IT Compliance and Controls in Oyu Tolgoi LLC – Information Technology department with a 50/50 roster between Ulaanbaatar and the Oyu Tolgoi mine site.
This is an opportunity to be part of the Information Technology Senior Leadership Team, taking charge of and shaping the IT Compliance and Controls environment at Oyu Tolgoi with a strong focus on Cyber Security Risk Management. In this role you will be a part of both local and global teams made up of technology experts across multiple disciplines implementing leading-edge technology as part of the Oyu Tolgoi Underground Expansion project.
A combination of thought-leadership and practicality is necessary to ensure the correct balance is achieved between operational effectiveness and controls. The Principal Advisor is accountable for delivering clear and consistent explanations of complex issues to ensure risk is appropriately assessed, resulting in controls that are fit for purpose.
What the role entails:
- The role will be accountable for the security and integrity of data, data systems, and data networks across Oyu Tolgoi. This includes designing and implementing disaster recovery processes and business continuity procedures for re-establishing servers, databases, and operating systems in the event of a disruption, both minor and catastrophic.
- The role will ensure that all changes are managed in a controlled manner, including standard changes and emergency maintenance relating to business processes, applications, and infrastructure, and that the appropriate risk management assessment is used. This includes change standards and procedures, impact assessment, prioritization and authorization, emergency changes, tracking, reporting, closure, and documentation.
- Build and manage a periodic certification process designed to assure adherence to security policy including, but not limited to:
  - Verification that all terminated employee user accounts have been properly disabled
  - Validation that user access privileges are approved, appropriate, and current
  - Confirming that all security policies and standards are periodically reviewed, updated, and communicated
- Perform security / IT risk assessments, business impact analyses, and other reviews to identify areas for potential improvement and provide guidance on prioritizing remediation efforts.
- Establish, promote, and deliver an effective multi-faceted security awareness training program to educate Oyu Tolgoi employees, contractors, and others on best practices and expectations
- Review data generated by Security Event and Information Management (SEIM) tools for signs of malicious or suspicious activity
- Provide guidance and participate in incident response processes and documentation
- Serve as a central point of contact and provide coordination for internal and external audits including monitoring and tracking remediation efforts and other action items
- Conduct risk assessments and business impact analyses to identify vulnerable areas within the company’s critical functions.
- Develop and establish disaster recovery procedures for the restoration of mission-critical business applications in the event of natural disasters, technical failures, power outages, and human interference.
- Develop, implement, maintain, and oversee enforcement of policies, procedures and associated plans for disaster recovery administration and business continuity based on industry-standard best practices within the Oyu Tolgoi BRP.
- Work with group cyber security and take point as Oyu Tolgoi IT for any related group cyber security work or projects.
What you will need for this role:
- Master's degree or above in Information Technology or a relevant discipline
- Experience typically achieved through graduate qualifications and at least 5 to 10 years of relevant experience
- One or more of the following certifications strongly preferred:
  - CISSP (and/or other ISC2 certifications)
  - CISM, CISA, CRISC (and/or other ISACA certifications)
  - PMP or other project management certifications
  - Other industry recognized certifications or accreditations
- Knowledge and experience using IT and security control frameworks such as OWASP, COBIT, ISO, ITIL, NIST, and others preferred
- Experience leading and managing teams
- Experience working in fast paced environments with the ability to manage workload during times of stress or escalated activity
- Comfortable with impromptu tasking and loosely defined requirements
- Solid technical and practical knowledge of security concepts (identification, containment, eradication, recovery)
- Develops quality assurance guidelines and processes to ensure quality and compliance of IT services
- Identifies latest tools and technologies to improve quality and compliance statistics
- Works with technical teams to design complex IT network infrastructure that effectively reflects business needs, service levels, availability requirements and other technology parameters with the appropriate security posture
- Works with the technology teams to identify and address threats as they arise
- Excellent Mongolian and English language skills (both verbal and written)
Please click HERE to go to the Oyu Tolgoi LLC Online Application System or go to www.ot.mn/Career, select your vacancy and click on the link at the bottom.
- Please note, in order to be successfully considered for this role you must complete all pre-screening questions.
- Please also fill out the application forms in English
- Please make sure to attach the following documents:
  - CV (in English and Mongolian)
  - Cover Letter (in English and Mongolian)
If you have any enquiries, please contact the following addresses:
Monnis Tower, 1st Floor
Chinggis Avenue 15, Sukhbaatar District
Ulaanbaatar - 14240, Mongolia
Tel: + (976) - 7010-3604
All potential candidates must be medically cleared.
Only shortlisted candidates will be contacted and asked to submit additional documents.
For successful candidates, please be advised that information submitted and collected during the recruitment process may be used or required by other HR functions such as Training and HR Services.
Employees of Oyu Tolgoi LLC and subcontract companies currently working at the Oyu Tolgoi mine must notify their employer of their application prior to progressing to the interview stage.
Oyu Tolgoi LLC ensures fair and transparent recruitment practices where all applicants are provided with equal opportunities and the decision on recruitment is made by committee members without any involvement of mediating individuals.