Saudi Aramco GI 710.015 INFORMATION SECURITY ANALYST PROGRAM

This General Instruction Manual outlines the Saudi Aramco Information Security Analyst (ISA) Program, detailing the appointment requirements and the responsibilities of key program stakeholders. It covers essential aspects of information security management, including the ISA's role in organizing and coordinating Data Protection Programs, managing information assets, conducting risk assessments, and ensuring robust access control and data backup.

The document also defines requirements for Assistant ISAs (AISAs) and addresses responsibilities for affiliates, subsidiaries, and waiver processes. It serves as a critical reference for maintaining confidentiality, integrity, and availability of Saudi Aramco's information assets.

This comprehensive guide specifies qualification assessments, technical interviews, and background investigations necessary for ISA and AISA roles. It emphasizes the importance of these roles in safeguarding company information and outlines their involvement in security awareness, business continuity planning, and physical security.

The document details the functional responsibilities of the Corporate Security Services Division (CSSD), Information Protection Department (IPD), and Organization Heads in administering and supporting the ISA Program, ensuring effective information security across the organization. Ideal for Information Security Analysts, IT Security Officers, and Compliance Managers working in the oil and gas sector or similar large enterprises.