Defines, reviews and updates the Information Security governance, including architecture, policies, processes, procedures and standards in alignment with regulatory requirements, business needs and best practices in the market.
Define, implement, monitor and enhance information security risk management program.
Define, manage and implement Information Security compliance framework.
Conducting Information Security Risk Activities.
Conducting Information Security Compliance Activities.
Conducting Information Security Audit Activities.
Participate in business continuity and disaster recovery plans from a cyber security perspective with Enterprise Risk Management across all functions.
Leads the process of communicating the information security program and strategy with all the internal stakeholders.
Ensures that our partners comply with the regulatory requirements with respect to any changes or updates in cybersecurity laws in Saudi Arabia.
Defines, implement and reports Information Security Awareness programs for technical, business staff and customers.
RequirementsTo qualify for the role, you must have:
• A bachelor's degree in IT, Computer Science, MIS, Risk Management, Software Development or related disciplines.
• A minimum of 3 years of experience working as a GRC Specialist with more than 5 years of experience in the Cyber Security domain.
• Hands on experience of fulfilling requirements of Saudi National CyberSecurity Authority and Saudi Digital Government Authority.
• Solid knowledge about the Saudi regulations related to CyberSecurity Framework.
• Well-rounded knowledge and experience in governance, risk management, compliance, internal audit, business continuity management as well as IT and information security (mastery of all is not mandatory).
• Strong data analytical skills are required
• Professional certifications such as: ITIL,COBIT,TOGAF,Certified Internal Auditor (CIA), (CFE), Governance, Risk, Compliance professional (GRCP), Professional Risk Manager (PRMIA) and/or PMP.
