Cyber Security Manager

The CISO shall be responsible for driving the organization’s cybersecurity strategy and ensuring compliance with applicable regulatory and statutory instructions on information and cybersecurity. You will be responsible for enforcing policies that a regulated entity uses to protect its information assets, as well as coordinating cybersecurity-related issues within the organization and with relevant external agencies.

Responsibilities

1. Define the Information Security Roadmap aligned with the organization’s long-term goals and future challenges.
2. Create, execute, and oversee a strategic enterprise information security and IT risk management program.
3. Lead, implement, and review hardware, network, and software security standards and controls to protect systems, data, and assets from internal and external threats, preventing information and data loss/frauds.
4. Identify and implement the best security products and tools for various purposes.
5. Proactively monitor and identify security issues, potential threats, vulnerabilities, and continuously improve security standards.
6. Own and conduct information security awareness training for all employees.
7. Implement and lead security assessment practices including audits and reviews.
8. Provide strategic risk guidance and consultation for IT projects, including security risk assessments of implementation architecture, standards, and protocols.
9. Conduct real-time analysis, investigations, and forensics when needed to strengthen security measures.
10. Develop strategies for handling security incidents and communicate with stakeholders regularly regarding security practices and activities.
11. Develop and deploy information security technologies and solutions to minimize cyber-attack risks.
12. Continuously assess current IT security practices and systems to identify improvement areas.
13. Ensure compliance with SAMA cybersecurity framework, PDPL, and other relevant regulations.
14. Develop and implement business continuity plans.

Qualifications

1. Engineering graduate or postgraduate in Computer Science, IT, Electronics and Communications, or a cybersecurity-related field.
2. Minimum of 10 years' experience in risk management, information security, or cybersecurity.
3. Strong knowledge of information security management frameworks such as ISO/IEC 27001 and NIST.
4. Good understanding of DevSecOps, Secure SDLC, security automation, testing concepts, DR, and BCP concepts.
5. Familiarity with industry security standards, protocols, and relevant data privacy regulations.
6. Ability to manage ambiguity and solve complex problems.
7. Ability to work with cross-functional teams, collaborate, and demonstrate leadership.
8. Certifications such as CISSP, CEH, CISA, and CISM, with deep implementation experience, are advantageous.
9. Excellent written and verbal communication skills, high personal integrity, and presentation skills.
10. Experience working in payments, banking, or fintech domains is essential.