وصف الوظيفه

What You'll Do... The InfoSec team's mission is to safeguard the confidentiality, integrity and availability of all TG systems by collaborating cross-functionally, contributing to creating a resilient infrastructure and a culture of security. You'll enjoy working across TG as well as with our partners and regulators to implement, maintain, and continually improve the organisation's security posture within KSA. You will be a key member of the teams responsible for the ISO 27001 certified Information Security Management System (ISMS) - its governance and compliance across the business. You'll be responsible for implementing CBB's Cybersecurity Framework and achieving the necessary maturity level. You'll collaborate with technical and non-technical teams to ensure the implementation, compliance and awareness of both technical and organisational controls are to the highest standards. We seek team players that have low ego but high ambition. You'll want to join a mission driven company, building a world class customer experience, creating a world class technology and security operating that inspires high performing teams. We'll need you to Maintain, communicate, audit, and improve the organisation's ISO 27001 certified Information Security Management System. Coordinate with the regulator on matters pertaining to cybersecurity threats, compliance with CSF etc. Deliver risk-based cyber security solutions that address people, process, and technology including information security policies & processes. Manage the cyber security activities, including: Monitoring of the cyber security activities (SOC monitoring). Monitoring of compliance with cyber security regulations, policies, standards, and procedures. Overseeing the investigation of cyber security incidents & performing cyber security reviews. Gathering and analyzing threat intelligence from internal and external sources. Measure and review performance metrics to monitor compliance with CBB's Cybersecurity Framework and associated policies, procedures, and controls. Collaborate with clients, third parties, and regulators to complete effective due diligence processes demonstrating the maturity and effectiveness of the organization's policies and controls. Evangelise security across the business by delivering security awareness training, campaigns and initiatives through third parties, phishing and ransomware assessments, and the use of effective internal communication tools to build a security-focused culture. Contribute the organisation's security incident response programme responding and recovering from any threats. Including the evaluation and reporting of security incidents. Advocate data privacy. Perform data mapping and risk assessment and in order to implement strong controls. Align systems, policies, and procedures with these regulatory bodies and laws regarding data protection. المهارات Requirements Experience working in CBB-Regulated financial institutions. Track record in information security roles and working across related projects end to end. Experience implementing CBBs Cybersecurity Framework and have achieved sufficient maturity levels Experience maintaining the risk management plan, actions, target dates and updating actions. Experience implementing ISO 27001/2 controls across the business, as well as conducting regular audits. Experience supporting the implementation of detective, preventative, and corrective security controls to embed the organisation's security frameworks, policies, standards, and procedures effectively (SAMA, NIST, NCA etc). Experience preforming gap analysis and NIST maturity assessments. Experience using project delivery tooling e.g. Confluence, JIRA, LucidChart, Office 365, etc. Knowledgeable across a range of areas of IT, especially endpoint management, vulnerability management, network security, operating systems, and public cloud hosting (AWS / OCI). Knowledgeable of Data protection and experience implementing and maintaining processes in-line with government and regulatory requirements. Bonus points for: Experience working within cloud hosting environments preferably AWS and OCI (a bonus). Experience with security incident response, digital forensics investigations and mock tabletop exercises. You may have dealt with a major security breach in the past (a bonus). Experience in or been involved in the Open Banking/Financial Services/Banks/Payments/FinTech space (a bonus).