Information Security Manager📣 Job Ad
| Contract Type | Full-time | |
| Workplace type | On-site | |
| Location | Makkah |
Job Description
About the Role
My Clinic KSA, a leading multispecialty outpatient care provider in Saudi Arabia since 2017, is seeking an Information Security Manager to lead its information and cybersecurity program. This full-time position is based in Jeddah and Makkah.
Role Overview and Responsibilities
The Information Security Manager will be responsible for developing and executing comprehensive security and risk management strategies, with a primary focus on Governance, Risk, and Compliance (GRC). This role ensures the protection of sensitive patient data and adherence to cybersecurity regulations, including CIS, NIST, and National Cybersecurity Authority (NCA) controls and standards. Key responsibilities include:
- Developing and implementing information security and data protection policies aligned with industry standards (CIS, NIST, NCA) and KSA's Personal Data Protection Law (PDPL).
- Leading enterprise-wide risk assessments, maintaining a risk register, and implementing mitigation strategies.
- Overseeing outsourced Security Operations Center (SOC) activities, ensuring effective threat monitoring, detection, and response, and reviewing SOC performance against KPIs.
- Ensuring organizational compliance with cybersecurity frameworks (CIS, NIST, NCA) and data protection regulations, including those from SDAIA and NCA.
- Performing Data Protection Impact Assessments (DPIAs) to evaluate and mitigate risks associated with data processing.
- Overseeing the development and execution of incident response plans for cybersecurity and data breach incidents, ensuring timely reporting and incorporation of lessons learned.
- Designing and delivering organization-wide training and awareness programs on cybersecurity and data protection.
- Evaluating and monitoring third-party vendor contracts for compliance with cybersecurity and data protection requirements.
- Conducting regular audits of cybersecurity practices and GRC controls, providing recommendations for identified gaps.
- Serving as a focal point for senior management on cybersecurity risks and GRC initiatives, providing regular reports on risk status.
- Coordinating the execution of IT security operations with IT and business senior management to ensure robust asset protection.
- Leading and mentoring the internal information security team, fostering professional growth.
Qualifications and Experience
Candidates should possess:
- A Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Business Administration, or a related field. A Master’s degree in Cybersecurity, Information Security, or Risk Management is highly desirable.
- A minimum of 5-10 years of experience in information security or cybersecurity operations.
- At least 3 years in a managerial, supervisory, or advisory role focused on Governance, Risk, and Compliance (GRC) or risk management.
- Experience overseeing or collaborating with outsourced Security Operations Centers (SOCs) is preferred.
Required Knowledge and Skills
The ideal candidate will have:
- In-depth understanding of cybersecurity frameworks such as CIS, NIST, ISO 27001, and NCA controls.
- Comprehensive knowledge of data protection and privacy laws, including KSA’s PDPL and international regulations (*, GDPR, HIPAA).
- Familiarity with KSA’s regulatory environments, including SDAIA and NCA.
- Strong understanding of risk management methodologies.
- Knowledge of IT service management (ITSM) frameworks, such as ITIL.
- Proficiency in IT operations, service management, and cybersecurity practices, including incident response, threat detection, and vulnerability management.
- Expertise in risk assessment tools and methodologies.
- Familiarity with security information and event management (SIEM) systems, intrusion detection/prevention systems (IDPS), and other security monitoring tools.
- Ability to evaluate and oversee third-party security providers, including SOC performance metrics and KPIs.
- Strong analytical skills to interpret security data and integrate operational insights into risk management frameworks.
Professional Certifications
Required certifications include CompTIA Security+ and ISC2 Certified in Cybersecurity (CC). Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certifications are preferred. Highly desirable certifications include ISO 27001 Lead Auditor (LA) or Lead Implementer (LI), Certified in Risk and Information Systems Control (CRISC), ITIL Foundation, Certified Ethical Hacker (CEH), or CompTIA Security+.
Requirements
- Requires 5-10 Years experience
Similar Jobs
You may also like
- Related Information Security Manager Opportunities
- Sales Representative Jobs in Al Khobar
- Purchasing Manager Jobs in Al Khobar
- Graphic Designer Jobs in Al Khobar
- Host Jobs in Al Khobar
- Barista Jobs in Al Khobar
- Other Job Fields in Makkah
- Sales Representative Jobs in Makkah
- Purchasing Manager Jobs in Makkah
- Cashier Jobs in Makkah
- Barista Jobs in Makkah
- Marketing Specialist Jobs in Makkah
- Receptionist Jobs in Makkah
- Business Development Specialist Jobs in Makkah
- Real Estate Marketer Jobs in Makkah
- STOREKEEPER Jobs in Makkah
- Pharmacist Jobs in Makkah
- Explore Jobs Across Saudi Arabia
- Administrative Assistant Jobs in Najran
- Financial Manager Jobs in Jeddah
- Receptionist Jobs in Medina
- Warehouse Technician Jobs in Buraydah
- Business Development Supervisor Jobs in Jeddah
- Occupational Health and Safety Specialist Jobs in Medina
- Sales Assistant Jobs in Riyadh
- Sales Coordinator Jobs in Makkah
- Quality Control Engineer Jobs in Nifi
- Legal Specialist Jobs in Riyadh