Senior Common Criteria Certification Specialist

Overview

Key Responsibilities

• Senior Certifier is responsible for the conduct of the day to day certification, validation, oversight, certificate maintenance and mutual recognition with the common criteria standards.
• Ensuring that the highest standards of competence and impartiality are maintained, and that consistency is achieved across all evaluation and certification activities;
• Possess a deep understanding of Common Criteria standards, Protection Profiles, Security Targets, Evaluation Assurance Levels (EALs), and related documentation
• Provide guidance and mentorship to CB team members Certifiers and evaluators, ensuring their understanding of the certification process and helping them with complex evaluations.
• Lead and oversee the review and assessment of documentation submitted by product developers, including Security Target documents, design specifications, and test plans.
• Conduct advanced technical risk assessments, identifying potential security weaknesses or flaws in products or systems and providing expert guidance for mitigation.
• Oversee and manage the testing phase, ensuring that security testing is conducted rigorously and accurately.
• Conduct of day-to-day certification, certificate maintenance and mutual recognition projects and in compliance with scheme documentations.
• Assisting with the development of policies, standards, procedures and guidelines.
• Make recommendations regarding certification at specific Evaluation Assurance Levels (EALs) based on extensive evaluation expertise and knowledge of the certification process.
• Stay up-to-date with the latest developments in security, emerging threats, and evolving technology to ensure the certification process remains relevant.
• Collaborate with stakeholders, such as developers, evaluators, and national certification authorities, to ensure a consistent and accurate evaluation process.

Requirements

• A university degree-level qualification in IT, information security or a related field. ideally with a focus on security domains.
• Certification from a recognized Common Criteria certification body and previous experience as a Certifier is desired
• IT Security Overview Training and certification
• Common Criteria for IT Security Evaluation Training and certification
• Minimum 8 years
• Minimum 4 years of work experience as a Senior IT / Information Security / Cyber Security Auditor and/or Risk Management and/or Cyber Security/Information Security Management.
• Proficiency in Arabic and English (spoken and written) is preferred

Other Required Qualifications

• Analytical and problem-solving skills
• Proven experience in IT and Information Security Assessment
• Common Criteria for IT Security Evaluation Training
• Experience in Risk Assessment and management.
• Should have hands on experience in information security
• Understanding of ISO27001 certification audit requirements
• Excellent communication, documentation, and report-writing skills.
• In-depth knowledge of security testing methodologies and tools.
• Have analytical & assessment experience of formal schemes and can assess a situation in a fair and objective manner in order to arrive at a firm conclusion.
• Have training, workshops planning and delivery experience across Government & private sector.

Technical

• Experience in Risk Assessment and management including audit methodologies and risk assessment methodologies.
• Understanding of NIA controls and implementation requirements
• Proficiency in security frameworks and standards like NIST, ISO27001, NIA.
• Strong awareness of Information Security / Cyber Security trends.

Behavioural

• Ability to multitask and work effectively with multiple project teams, sponsors, and customers.
• Ability to pay close attention to detail, meet deadlines and work under pressure.
• Interpersonal skills
• Work autonomously with a high degree of enthusiasm

Specific

• Excellent technical report writing skills.
• Have capabilities to understand and interpret the Certification Criteria (ISO/ IEC 17021, ISO/ IEC 17024, ISO/ IEC 27006 and ISO/IEC 17065).
• Knowledge of auditing and information assurance standards like ISA, ITAF, ISO17021, ISO19011.
• Proficiency in security frameworks and standards like, ISO27001, NIA, CSF Q2022.
• Familiarity with third-party audit, Certification and Information Security / Cyber Security audits.
• Proven, hands on, experience in Information Security Audit or Information Security Management.