Cyber Security Manager

• Summary:

The Cyber Security Manager is responsible for establishing robust cybersecurity Governance, Risk Management, Compliance, and Assurance functions to enable reporting to senior executive management on cybersecurity performance, maturity, risks, and compliance. The Cyber Security Manager ensures the company is ready to identify, protect, detect, respond, and recover from cyber threats and attacks, and continuously manages cyber risks. In addition, the Cyber Security Manager is responsible for developing, implementing, and overseeing the company's comprehensive information security strategy and programs to protect the organization's data, systems, and infrastructure from cyber threats. This role will lead the security team and collaborate cross functionally to ensure the company's security posture aligns with its business objectives and regulatory requirements.

• Duties and Responsibilities:

1. Information Security Strategy and Governance:

Develop and maintain a comprehensive information security strategy and roadmap that addresses current and emerging security risks. Establish security policies, standards, and procedures to safeguard the company's assets.

2. Risk Management:

Identify, assess, and mitigate information security risks through the implementation of appropriate controls, processes, and technologies. Oversee risk assessments, vulnerability management, and incident response planning.

3. Security Operations:

Ensure the effective operation of security tools, technologies, and processes to detect, prevent, and respond to security incidents. Oversee the security monitoring, vulnerability management, access control, logging, and alerting capabilities.

4. Compliance and Regulatory Management:

Ensure the company's information security practices comply with relevant laws, regulations, and industry standards. Serve as the primary point of contact for security-related audits and regulatory inquiries.

5. Security Awareness and Training:

Develop and implement security awareness programs to educate employees on best practices and their role in protecting the organization's information assets.

6. Vendor and Third-Party Risk Management:

Assess and manage the security risks associated with third-party vendors, partners, and service providers. Ensure appropriate security controls are in place for all third-party relationships.

7. Continuous Improvement:

Continuously monitor the threat landscape, industry trends, and emerging technologies to identify opportunities for improvement in the company's security posture. Implement security enhancements and drive a culture of security within the organization.

8. Collaboration and Stakeholder Management:

Effectively communicate security risks, strategies, and initiatives to executive leadership, the Board of Directors, and cross-functional teams. Serve as a trusted advisor and collaborator on security related matters.

9. Cybersecurity Architecture:

Assess the cybersecurity Architecture alignment to ensure cybersecurity requirements are introduced at early stages of Information Technology related to on premise projects.

• Role Requirements:

Minimum years of experience:

• 10 years of experience in total.
• 5-7 years of experience working within information security organization.

Educational level: One of the below.

• Bachelor of Science > Computer and Information Systems > Information Technology.
• Bachelor of Science > Computer and Information Systems > Information Security.
• Bachelor of Science > Engineering > Information and Network Security.

Preferred Licenses/Certifications to have:

• Certified Info Sys Security Manager (CISM) - CISM is an independent information security certification granted by ISACA.
• Certified Info Sys Security Professional (CISSP) - CISSP is an independent information security certification granted by the International Information.

Must have knowledge, training, technical skills and competencies:

• Energy business.
• Company's operations.
• Principles of cybersecurity and application of Governance, Risk & Compliance.
• Cybersecurity operations such as Security Operations Center, vulnerability management, incident management & recovery.
• Cybersecurity related threats & vulnerabilities & their potential impact upon breach.
• Supply chain security practices.
• Security systems, methods and techniques.
• IT & OT operational differences.

Language Skills:

Arabic Language > Preferred > Full Professional Proficiency.

English Language > Required > Full Professional Proficiency.