Simira'
On-site
SAR 200,000 - 300,000
Full time
Job summary
A leading company in Saudi Arabia is seeking an experienced Information Security professional to lead the design and implementation of an Information Security Management System (ISMS). The ideal candidate will ensure compliance with security requirements and enhance reporting to stakeholders. Strong experience in risk management, governance, and security policies is essential.
Qualifications
- Experience in designing and implementing information security policies.
- Strong understanding of governance, risk and compliance systems.
- Proven track record in enhancing security awareness across organizations.
Responsibilities
- Lead the design and implementation of an Information Security Management System (ISMS).
- Review and assess security operations for efficiency and effectiveness.
- Produce periodic reporting on the information security program.
Skills
Auditing
Stakeholder Communication
Risk Management
Information Security Policies
KPI and KRI Development
Security Awareness Training
Governance, Risk and Compliance
Project Management
Scope of Work
- Implement and periodically review the Security Framework (Strategy, Operating Model and Tactical Roadmap).
- Mature towards a risk-based organization.
- Meet ongoing compliance and regulatory requirements.
- Check security posture and control implementation, and enhance them.
- Review/Assess Security Operations (SOC, Security Tools/Devices and Application Security) functions to ensure effectiveness and efficiency.
- Be an enabler of business and enhance value from investment/efforts.
- Lead the design and implementation of ISMS and enforcement of information security policies.
- Ensure security processes are defined by respective SMEs (viz., Threat modelling, Application Security, SOC).
Skills
- Ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements.
- Conduct audits.
- Communicate with and report to (as required) all internal and external stakeholders.
- Identify and involve relevant stakeholders (internal and external).
- Review the status of the information security program with Section Heads.
- Define/modify KPIs and KRIs for security activities to aid management decision-making.
- Work to enhance security awareness through the organization.
- Establish an information security risk management program and process and maintain risk registers.
- Produce periodic reporting on the status of work (including KPIs and KRIs) to ISO and Section Heads.
- Assist in governing/overseeing the information security program and plan.
- Structured project management experience in deploying security-related initiatives.
- Knowledgeable about governance, risk and compliance systems and how to design a GRC framework.
- Experience in the design and maintenance of policies, processes, risks and controls.
- Coordinate and drive ad hoc programs, budgets, service contracts, vendor and business partnerships.