Job Description
- Risk Methodology Development: Experience in developing and refining risk assessment methodologies tailored to the organizational context and regulatory requirements.
- Risk Appetite and Tolerance: Ability to establish and communicate the organization's risk appetite and tolerance levels, aligning with strategic objectives and regulatory expectations.
- Risk Assessment: Conducting thorough risk assessments, identifying potential threats, vulnerabilities, and impacts, and developing appropriate mitigation strategies.
- Compliance Checks: Performing regular compliance checks to ensure adherence to regulatory and organizational policies, identifying gaps, implementing corrective actions, and implementing local and international standards such as:
a- Saudi National Cybersecurity Authority (NCA) Frameworks: ECC, CSCC and CCC.
b- SAMA Cybersecurity Framework (CSF): In-depth knowledge and hands-on experience with the Saudi Arabian Monetary Authority's Cybersecurity Framework, ensuring compliance within financial institutions.
c- SDAIA Personal Data Protection Law (PDPL): Practical experience in implementing and managing compliance with the Saudi Data and Artificial Intelligence Authority's PDPL regulations, ensuring the protection of personal data.
d- ISO/IEC 27001 Information Security Management System (ISMS): Comprehensive experience in implementing and maintaining ISO/IEC 27001 standards, leading to successful certification and continuous improvement of the ISMS.
- Key Performance Indicators (KPIs): Developing and monitoring KPIs to measure the effectiveness of the cybersecurity program and ensure alignment with organizational goals.
- Key Risk Indicators (KRIs): Creating and tracking KRIs to proactively identify and manage potential risks, ensuring timely and effective responses.
- Cybersecurity Strategy Development: Building and delivering cybersecurity strategies that align with business objectives, regulatory requirements, and industry best practices.
- Governance Framework: Developing and implementing robust governance frameworks, including policies, procedures, and standards, to ensure consistent and effective cybersecurity practices across the organization.
- Policy, Procedure, and Standards Development: Proven ability to develop, implement, and maintain cybersecurity policies, procedures, and standards that comply with relevant regulations and best practices.
- Leadership and Collaboration: Strong leadership skills with the ability to collaborate effectively with cross-functional teams, senior management, and external stakeholders.
- Communication: Excellent verbal and written communication skills, with the ability to convey complex cybersecurity concepts to non-technical stakeholders.
- Continuous Improvement: Commitment to continuous improvement, staying abreast of the latest cybersecurity trends, threats, and regulatory changes, and integrating them into the organization’s practices.
Qualifications
Educational Requirements: Candidates should have a bachelor's or master's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
Professional Certifications: Candidates should be certified in Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and Certified in Risk and Information Systems Control (CRISC).
Professional Experience (3-5 years): Candidates should have experience in cybersecurity governance, risk, and compliance.