Head of Information Security

United Company for Electrical Transformers

Saudi Arabia

On-site

SAR 300,000 - 450,000

Full time

20 days ago

Job summary

A leading company in Saudi Arabia is seeking a Head of Information Security to shape and enforce its information security strategy. The role involves overseeing cybersecurity governance, risk management, compliance, and incident response. The ideal candidate will have extensive experience in security leadership, with a strong focus on developing security policies and managing security operations. This position offers an opportunity to make a significant impact on the organization’s security posture.

Qualifications

  • 12+ years of information security leadership experience.
  • Proven track record in enterprise-wide security transformation projects.

Responsibilities

  • Develop and implement the organization’s information security strategy.
  • Oversee the Security Operations Center (SOC) for threat monitoring.
  • Lead the incident response function for rapid containment of threats.

Skills

Leadership
Risk Management
Compliance
Cybersecurity
Incident Response
Security Awareness

Education

Bachelor’s degree in information security
Bachelor of Technology/Engineering
Bachelor of Science

Tools

SIEM
EDR
IAM
Firewalls
Encryption
Cloud Security

Job description

Bachelor of Technology/Engineering (Computers), Bachelor of Science (Computers)

Nationality

Any Nationality

Vacancy

1 Vacancy

Job Description

Job Purpose

The Head of Information Security is responsible for shaping and enforcing the organization’s information security strategy and programs to protect its information assets, technologies, and data. This role oversees cybersecurity governance, risk management, compliance, security operations, and incident response, ensuring alignment with business objectives while addressing evolving cyber threats.

Description

  1. Security Strategy & Governance
    • Develop and implement the organization’s information security strategy aligned with business goals, regulatory requirements, and industry best practices.
    • Establish and maintain security policies, frameworks, and guidelines (e.g., NIST, ISO 27001, CIS) across IT, OT, and ICS environments.
    • Conduct enterprise-wide risk assessments and security audits, reporting key findings and recommendations to senior leadership.
    • Oversee the cybersecurity budget and resource allocation to ensure cost-effective investments in security technologies and personnel.
    • Identify, assess, and mitigate cybersecurity risks across IT, OT, and cloud environments, developing an enterprise risk management program.
    • Ensure compliance with global and local regulations (e.g., GDPR, CCPA, ISO 27001, Saudi NCA) and manage third-party security assessments.
    • Collaborate with legal and compliance teams to address data protection laws, contractual obligations, and industry-specific regulations.
    • Maintain risk registers, prioritize remediation efforts, and monitor the effectiveness of security controls.
  2. Security Operations, Vulnerability Management & Incident Response
    • Oversee the Security Operations Center (SOC) to ensure continuous threat monitoring, detection, and response.
    • Implement and manage a Vulnerability Management Program, including automated scanning, patch management, and regular penetration testing.
    • Plan, coordinate, and oversee internal and external penetration testing activities to identify and remediate security weaknesses across systems, networks, and applications.
    • Lead the incident response function, ensuring rapid containment and recovery from cyber threats, and conduct root cause analysis on significant incidents.
  3. Identity & Access Management (IAM)
    • Ensure robust IAM frameworks, including privileged access management (PAM) and multi-factor authentication (MFA).
    • Oversee periodic user access reviews and enforce least privilege principles.
    • Collaborate with HR and IT to streamline user lifecycle management (joiners, movers, leavers).
  4. Secure Technology & Cloud Security
    • Champion secure-by-design principles in on-premises, cloud, and hybrid environments.
    • Implement cloud security controls (e.g., Zero Trust Architecture) and ensure alignment with best practices (AWS, Azure, GCP).
    • Work with development teams to embed security in the software development lifecycle, minimizing vulnerabilities.
  5. Security Awareness & Culture
    • Lead cybersecurity awareness programs to instill a strong security culture among employees and stakeholders.
    • Conduct phishing simulations and security training to reduce human-related risks.
    • Communicate security policies and best practices clearly across all levels of the organization.
    • Stay abreast of emerging cyber threats, ensuring proactive adaptation to new challenges.
    • Evaluate and implement AI/ML-driven security solutions for enhanced threat detection and response.
    • Drive automation and orchestration initiatives to optimize security processes.
  6. Disaster Recovery Planning & Resilience
    • Develop, implement, and maintain a comprehensive Disaster Recovery Plan (DRP) to ensure the organization’s ability to recover critical systems and data in the event of a disruption or cyber incident.
    • Regularly test and validate the DRP through simulated disaster scenarios, including failover exercises, to ensure readiness and effectiveness.
    • Collaborate with IT, business units, and third-party vendors to align the DRP with business continuity objectives and ensure seamless recovery of operations.

Desired Candidate Profile

Qualifications, Experience & Skills

Academic & Professional Qualifications

  • Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s preferred).
  • Relevant industry certifications (e.g., CISSP, CISM, CISA, CRISC, GIAC) are highly desirable.

Experience

  • 12+ years of information security leadership experience, overseeing governance, risk, compliance, and security operations.
  • Proven track record in enterprise-wide security transformation projects (IT and OT environments).
  • Hands-on expertise with SIEM, EDR, IAM, firewalls, encryption, and cloud security technologies.

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com
