{bc}
linkedin

Information Security Manager

My Clinic KSA
Jeddah, KSA
Full Time
Manager
1 months ago
Governance, Risk, and Compliance (GRC)CISNISTNCAPDPLISO 27001
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Governance, Risk, and Compliance (GRC)CISNIST
Smart Apply

Full Job Posting

Job Summary

  • The Information Security Manager leads My Clinic’s information and cybersecurity program, focusing on GRC to protect patient data and ensure compliance with CIS, NIST, and NCA standards.

Primary Responsibilities

  • Governance and Policy Development: Develop, implement, and maintain information security policies aligned with CIS, NIST, NCA, and PDPL.
  • Risk Management: Lead enterprise wide risk assessments, maintain risk register, and implement mitigation strategies.
  • SOC Oversight: Oversee outsourced SOC operations, review KPIs, and ensure alignment with security objectives.
  • Compliance Oversight: Ensure compliance with cybersecurity frameworks and data protection regulations.
  • Data Protection Impact Assessments: Perform DPIAs to evaluate risks associated with personal data processing.
  • Incident Response and Management: Oversee incident response plans and coordinate with outsourced SOC.
  • Training and Awareness Programs: Design and deliver cybersecurity training for employees.
  • Third Party Risk Management: Evaluate and monitor third party vendors for compliance.
  • Auditing and Monitoring: Conduct regular audits of cybersecurity practices and GRC controls.
  • Advisory and Collaboration: Advise senior management on cybersecurity risks and GRC initiatives.
  • Overall IT Security Operations Handling: Oversee execution of IT security operations.
  • Team Leadership and Development: Lead and mentor the internal information security team.

Education / Professional Qualifications

  • Bachelor’s degree in IT, Cybersecurity, Computer Science, Information Systems, Business Administration, or related field. Master’s degree desirable.
  • Minimum 7 years of experience in information security, with at least 3 years in a managerial GRC or risk management role.
  • Experience overseeing outsourced SOCs preferred.

Knowledge

  • In depth understanding of CIS, NIST, ISO 27001, and NCA controls.
  • Comprehensive knowledge of PDPL and international regulations (GDPR, HIPAA).
  • Familiarity with SDAIA and NCA regulatory environments.
  • Strong understanding of risk management methodologies.
  • Knowledge of ITIL and its application to security operations.

Technical Skills

  • Proficiency in IT operations, service management, and cybersecurity practices including incident response and vulnerability management.
  • Expertise in risk assessment tools and methodologies.
  • Familiarity with SIEM systems, IDPS, and security monitoring tools.
  • Ability to evaluate third party security providers and SOC KPIs.
  • Strong analytical skills to interpret security data.

Professional Certifications

  • CompTIA Security+ and ISC2 Certified in Cybersecurity (CC) required.
  • CISM or CISSP preferred.
  • ISO 27001 Lead Auditor/Implementer, CRISC, ITIL Foundation, CEH, or CompTIA Security+ highly desirable.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at My Clinic KSA