- Develop, implement, and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by the organization
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Oversee information security audits, whether performed by the organization or by third-party personnel
- Manage security team members
- Assess the current technology architecture for vulnerabilities, weaknesses, and possible upgrades or improvements
- Implement and oversee technological upgrades, improvements, and major changes to the information security environment
- Supervise the findings and reporting of penetration testing activities
- Supervise the vulnerability management program
- Maintain governance and compliance with related standards and regulations (ISO 27001, ISO 22301, PCI DSS and GDPR)
- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants and other service providers
- Manage and coordinate operational components of incident management, including detection, response and reporting.
- Act as SME for SOC operations and technical advice
- Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
- Follow up on Business Resilience activities targeting:
  - Dealing with disruption, uncertainty and change with clear intent, coherence and appropriate resourcing.
  - Identifying legal and regulatory constraints, as well as voluntary codes adopted by different sectors, that can limit desirable resilience actions.
  - Drawing upon the existing risk management framework, continuously monitoring and securing the environment in which it operates, including the legal and regulatory context and the geopolitical and competitive environment, in line with the needs and expectations of the company’s interested parties.
  - Developing and maintaining the Business Resilience budget and ensuring that it is within the planned limits.
• Language skills: good command of Arabic and English (oral/written).
• Excellent communication and interpersonal skills.
• Very good analytical and writing skills.
• CISA / CISM / CISSP / ISO 27001 Lead Auditor / ISO 27001 Lead Implementer / OSCP / CBCP or another related certificate is a plus.
• 3+ years of experience in a related field.
• Experience in managing projects.
• Experience facilitating group discussions, training/awareness and exercise scenarios.
• Knowledge of industry standards for the field.