Information Security Lead

  • Full Time
  • Saudi Arabia
  • Applications have closed

The purpose of the Information Security Lead is to design, build and run a world-class information security framework for NEOM's EWF sector, and to drive adoption within the EWF sector of the mandatory information security and data privacy best practices controlled and issued by the CISO. Working in conjunction with the CISO Office, the role will ensure that all technology implemented is ‘secure by design’ and is in 100% compliance with the NEOM Authority Cyber & Data Protection regulations.

Key Accountabilities and Responsibilities

  • Develop an EWF sector-wide Information Security Strategy with the objective to build a world-class information security & data privacy framework and department for the EWF Sector.
  • Lead the implementation of the NEOM Information Security Management System (ISMS) for the EWF Sector.
  • Drive the adoption of CISO cyber, information security, and data privacy best practices.
  • Translate the CISO standards & guidelines into EWF sector-specific guidelines around cyber, information security, and data privacy.
  • Ensure all technologies implemented within the EWF sector are ‘secure by design’ and are 100% in compliance with the NEOM Authority Cyber & Data Privacy / Protection regulations.
  • Develop and maintain a Cyber Incident Response Plan for the EWF sector & integrate it with the NEOM Cyber and Information Security Incident Response Plan.
  • Develop and maintain a Cyber Risk Register for the EWF sector & integrate it with the NEOM Cyber Risk Register.
  • Ensure an effective risk management process is put in place within the EWF Sector.
  • Ensure security is embedded in all stages of the software development life cycle.
  • Play an active role in EWF sector initiatives that have a significant cyber & information security component.
  • Actively raise awareness of the importance of cyber & information security to the overall success of the EWF Sector.
  • Act as point of contact for all the cyber, information security & data privacy-related topics between the sector and the CISO Office.
  • Act as the primary point of contact for all cyber, information security & data privacy-related topics within the EWF Sector.
  • Coordinate sector requests to the CISO function for support, including but not limited to design concepts, technical specifications, RFPs, tender evaluations, industry regulations, incident response, policies & standards, product evaluation and testing, threat intelligence, third-party & joint venture risk management, governance, risk control, and digital forensics.
  • Assist with implementing the defined data protection standards and regulations and the defined information security best practices.

Education & Experience

  • University / Master’s degree in information security or related field.
  • Hold industry-relevant certifications such as ISO/IEC 27001/27002, IEC 62443, CISSP, CISA or CISM.
  • Proven track record of success
  • Minimum 15 years’ experience in working in Information Security & Data Privacy roles.
  • Proven track record in defining & implementing an Information Security & Data Privacy Framework from scratch.
  • Experience in working within the utility industry is a plus.
  • Strong experience implementing information security standards such as ISO/IEC 27001/27002 and/or NIST, and IEC 62443.
  • Experience working with SOX or similar ICFR frameworks and a solid understanding of the COSO and COBIT internal control frameworks.
  • Knowledge of the latest technology developments and of information security laws & regulations, with the ability to translate these into tangible and acceptable information security & compliance measures.
  • Ability to liaise with the business to define information security & data privacy risk levels, select appropriate control measures accordingly, and ensure proper implementation and follow-up of these measures.
  • Experience working with data classification and an understanding of the different classification levels.
  • Strong knowledge of the information security standards ISO/IEC 27001 and 27002 and/or NIST, and of security & risk management methods, with the ability to apply them.
  • Extensive experience implementing IEC 62443.
  • Strong experience with risk management frameworks.
  • Strong knowledge of GDPR.
  • Excellent leadership, interpersonal, communication, and motivational skills.
  • Ability to craft alliances and positively influence peers and stakeholders.
  • Successful in steering & coaching colleagues.
  • High personal energy, active approach with a can-do mentality.
  • Demonstrated ability to work on a diverse scope of tasks simultaneously.
  • Ability to operate in a team-oriented and collaborative environment.
  • Ability to bring innovative ideas from inception to actual implementation.
  • Flexibility to work in a relatively unstructured environment of a start-up.
  • Good written and spoken English.