Information Security Manager

We’re looking for Information Security Manager to be responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

Responsibilities

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information are owned, controlled, or processed by the organization.
• Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews
• Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board
• Develop, maintain and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
• Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.
• Develop and manage information security budgets, and monitor them for variances.
• Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Coordinate measures and reports on the technical aspects of security management.
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
• Manage and coordinate operational components of incident management, including detection, response, and reporting.

Qualifications

• Bachelor’s degree in computer science, information technology, or related field.
• Excellent leadership and mentoring skills.
• High level problem-solving and communication skills

• Good written and verbal communication.
• Must be Saudi National.
• Must be based in Riyadh, Saudi Arabia.

• Must have 3-4 years of Experience in the same field.
• Insurance experience is preferable.