Cyber Security Expert

Job Description

Supervise and manage cybersecurity teams and their activities, while enhancing their skills and improving training methodologies to develop, retain, and advance cybersecurity talent.

Provide expert guidance and advisory to the organization's leadership, cybersecurity leaders, and teams on cybersecurity matters.

Effectively communicate cybersecurity risks to senior management.

Develop security risk descriptions for IT systems by assessing threats and vulnerabilities.

Develop risk mitigation strategies to manage risks in line with the organization's policies.

Establish cybersecurity countermeasures and strategies to address security risks.

Define primary and residual cybersecurity risks affecting system operations.

Ensure cybersecurity decisions are based on fundamental risk management principles.

Conduct risk analysis whenever a program or system undergoes significant change.

Provide input for the risk management framework and related documentation.

Ensure cybersecurity risks are properly identified and addressed through the organization's risk governance process.

Perform cybersecurity risk assessments and collaborate with stakeholders to implement and maintain a risk management program.

Select team members and assign roles related to implementing the risk management framework.

Develop the organization's risk management strategy, including defining risk appetite levels.

Conduct initial risk assessments for stakeholder assets and continuously update risk evaluations.

Work with organization leaders to ensure real-time risk monitoring tools provide continuous awareness.

Leverage continuous monitoring tools to proactively assess risks.

Serve as an internal cybersecurity consultant and advisor within your area of expertise.

Qualifications and Requirements

• Bachelor's or master's degree in Cybersecurity, Information Security, Computer Science, Risk Management, or a related field.
• 10-15 years of experience in cybersecurity, risk management, governance, or compliance roles.
• 5+ years of leadership experience managing cybersecurity teams.
• Proven track record in developing and overseeing cybersecurity governance, risk, and compliance strategies at an organizational level.
• Experience in cyber risk assessments, audits, regulatory compliance, and security frameworks such as ISO 27001, NIST, NCA, PDPL, GDPR, and PCI DSS.
• Experience designing, implementing, and improving risk management frameworks and incident response strategies.
• Experience conducting cybersecurity awareness training and developing security policies, procedures, and standards.

Technical & Leadership Skills

• Strong understanding of cybersecurity frameworks and risk management methodologies (e.g., NIST CSF, ISO 27005, NCA).
• Expertise in compliance and regulatory requirements related to Saudi cybersecurity laws, NCA frameworks, PDPL, SAMA, and global standards.
• Ability to lead cybersecurity risk assessments, audits, and threat modeling.
• Experience working with cybersecurity tools, including GRC platforms, vulnerability management solutions, SIEM, and risk assessment tools.
• Proven ability to manage and develop cybersecurity teams, mentor talent, and foster a security-aware culture.
• Strong leadership and communication skills, with the ability to interact effectively with executive management and technical teams.
• Strategic decision-making skills to align security initiatives with business objectives.