Best Risk and Compliance Program
Photo Gallery
Best Risk and Compliance Program
Additional Info
Job title of nominated professional (or team name) | Cybersecurity and Privacy team |
Company (where nominated professional or team is working) | https://solutions.com.sa/ |
Website | https://solutions.com.sa/ |
Company size (employees) | 1,000 to 4,999 |
Country | Saudi Arabia |
Headquarters Region | Middle East |
Overview
In today’s digital world, cybersecurity risks are ever-increasing. Every day, businesses and organizations face the threat of cyber-attacks, which can result in significant financial losses and damage to their reputation. That is why it is crucial to have a solid cybersecurity risk management strategy in place.
In solutions we have a robust cybersecurity (CS) risk management program, which consists of a comprehensive CS risk assessment framework and various triggers to conduct periodic CS risk assessments on the critical services of solutions. The CS risk management program was established to address the following expectations:
• Identify the key cybersecurity risks in business-critical services within the departments of solutions.
• Develop mitigation plan to ensure timely closure of the identified CS risks by implementing adequate controls.
• Establish a comprehensive approach of CS risk management practices across the organization.
• Improve the overall cybersecurity posture of the departments.
• Effectively track and monitor the status of CS risk mitigation through follow-ups with departments periodically.
• Ensure that new services/products are assessed for potential CS and data privacy risks and mitigated as required before go-live in production. This also includes detailed VA and PT exercises being performed, which helps in identifying critical vulnerabilities, if any.
• Assess the potential CS risks associated with third-party vendors and service providers.
• Assess the potential CS risks associated with using social media platforms in solutions for business purposes.
The CS risk management methodology precisely consists of the following activities- establishing the context, performing risk assessment (risk identification, analysis, and evaluation) and risk treatment. These phases are managed effectively throughout the stages with the help of communication and consultation, recording and reporting, monitoring, and reviewing activities.
• Defined CS Risk Assessment Calander: we have a calendar of various CS risk assessment activities planned during the beginning of each year to ensure seamless functioning of the exercise. In addition to the calendar, we also actively perform ad-hoc
Accomplishments
• Communication and Awareness: we have developed and enhanced the CS risk management program steadily over the years with the help of stakeholders’ support. This has been possible due to our effort in communicating with the stakeholders during every step of the CS risk management process. We conduct workshops for users to provide awareness about the CS risk management practices, new initiatives, and general understanding of the approach for better alignment.
• Integration of Inputs from Different Sources: our CS risk assessment exercises are not stand alone. We consider inputs from various relevant sources to ensure that the areas of concern/focus are holistically approached for the departments. This will help the business units to address cybersecurity issues strategically rather than transitionally.
• Solutions by stc data privacy and protection landscape is undergoing a significant transformation with the introduction of the Personal Data Protection Law (PDPL) and the Data Cybersecurity Controls (DCC) directives. These regulations, along with the National Data Management Office (NDMO, Communications, Space & Technology Commission (CST), and National Cybersecurity Authority (NCA) requirements, establish a comprehensive framework for data privacy and protection.
• In solutions by stc we can achieve standardization and compliance by integrating these regulations into our existing risk management framework. This involves conducting thorough data privacy impact assessments (PIAs) that identify, analyze, and evaluate potential risks associated with data collection, storage, processing, and disclosure. The outcomes of these PIAs are then incorporated into the record of processing activities (ROPA) practices, ensuring data privacy considerations are factored into overall risk management strategies.
• By implementing a standardized approach that aligns with PDPL, DCC, NDMO, CST, and NCA regulations, solutions by stc in Saudi Arabia demonstrates our commitment to data privacy and build trust with stakeholders. This not only mitigates legal risks but also fosters a culture of data responsibility within the organization.