Description

What Youll Do...The InfoSec teams mission is to safeguard the confidentiality, integrity and availability of all TG systems by collaborating cross-functionally, contributing to creating a resilient infrastructure and a culture of security. Youll enjoy working across TG as well as with our partners and regulators to implement, maintain, and continually improve the organisations security posture within KSA.You will be a key member of the teams responsible for the ISO 27001 certified Information Security Management System (ISMS) - its governance and compliance across the business. Youll be responsible for implementing CBBs Cybersecurity Framework and achieving the necessary maturity level. Youll collaborate with technical and non-technical teams to ensure the implementation, compliance and awareness of both technical and organisational controls are to the highest standards.We seek team players that have low ego but high ambition. Youll want to join a mission driven company, building a world class customer experience, creating a world class technology and security operating that inspires high performing teams.Well need you to
• Maintain, communicate, audit, and improve the organisations ISO 27001 certified Information Security Management System.
• Coordinate with the regulator on matters pertaining to cybersecurity threats, compliance with CSF etc.
• Deliver risk-based cyber security solutions that address people, process, and technology including information security policies & processes.
• Manage the cyber security activities, including:
• Monitoring of the cyber security activities (SOC monitoring).
• Monitoring of compliance with cyber security regulations, policies, standards, and procedures.
• Overseeing the investigation of cyber security incidents & performing cyber security reviews.
• Gathering and analyzing threat intelligence from internal and external sources.
• Measure and review performance metrics to monitor compliance with CBBs Cybersecurity Framework and associated policies, procedures, and controls.
• Collaborate with clients, third parties, and regulators to complete effective due diligence processes demonstrating the maturity and effectiveness of the organizations policies and controls.
• Evangelise security across the business by delivering security awareness training, campaigns and initiatives through third parties, phishing and ransomware assessments, and the use of effective internal communication tools to build a security-focused culture.
• Contribute the organisations security incident response programme responding and recovering from any threats. Including the evaluation and reporting of security incidents.
• Advocate data privacy. Perform data mapping and risk assessment and in order to implement strong controls. Align systems, policies, and procedures with these regulatory bodies and laws regarding data protection.