Creates information security strategies, both short-term and long-range, in support of the company’s goals.
Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the company’s goals and business processes so effective controls can be put in place for those areas presenting the highest information security risks.
Conducts regular information security vulnerability and risk assessments for the group.
Communicates risks and recommendations to mitigate risks to the senior administration by communicating in non-technical, cost/benefit terms and in a format relevant to senior administrators so decisions can be made to ensure the security of information systems and information entrusted to the company.
Oversees all ongoing activities related to the development, implementation, and maintenance of the company’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of information at rest or in motion within group systems and assisting departments in local process and procedure development, ensuring they are not in conflict with company policies.
Develops information security awareness training and education programs, and participates in local, regional, and national awareness and education events, as appropriate.
Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
Evaluates security incidents, determines what response, if any, is needed, and coordinates company responses when sensitive information is breached.
Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
Provides advice and takes action, where necessary, in response to audit findings and recommendations in respect of information security.
Obtains ISO 27001 certification at HO and maintains accreditation status.
Skills and Qualifications:
At least ten years in information security at a similar enterprise with information technology and information systems experience is required. Applicable experience includes, but is not limited to, computer and networking infrastructure, information security project management, risk management, and information security advisory and training.
ISO 27001 certification and implementation experience is necessary.
CISSP (Certified Information Systems Security Professional) is essential.
Professional certification (GIAC, CISA, CISM, PMI, PRINCE2, etc.) is preferred.
A bachelor’s degree in Computer Science, Cyber Security or a related technical field.
Knowledge of or experience with PCI DSS standards.
Effective verbal and written communication skills and proficiency in writing technical specifications are required.
Information Security Officer (ISO)
Location: Eastern Region Saudi Arabia
Posted On: 23/1/19