{bc}
linkedin

Information Security Manager

My Clinic KSA
Jeddah, KSA
Full Time
Manager
3 weeks ago
Governance, Risk, and Compliance (GRC)Cybersecurity Frameworks (CIS, NIST, NCA)Risk ManagementSecurity Operations Center (SOC) OversightData Protection (PDPL, GDPR, HIPAA)Incident Response
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Governance, Risk, and Compliance (GRC)Cybersecurity Frameworks (CIS, NIST, NCA)Risk Management
Smart Apply

Full Job Posting

Job Summary

  • The Information Security Manager leads My Clinic’s information and cybersecurity program, with a key focus on Governance, Risk, and Compliance (GRC).
  • This role ensures protection of sensitive patient data and adherence to cybersecurity regulations including CIS, NIST, and NCA controls.

Primary Responsibilities

  • Governance and Policy Development: Develop, implement, and maintain comprehensive information security and data protection policies.
  • Risk Management: Lead enterprise wide risk assessments and maintain a risk register.
  • Security Operations Center (SOC) Oversight: Oversee outsourced SOC operations and enforce KPIs.
  • Compliance Oversight: Ensure compliance with CIS, NIST, NCA, and PDPL.
  • Data Protection Impact Assessments (DPIAs): Perform DPIAs to evaluate risks.
  • Incident Response and Management: Oversee incident response plans and ensure timely reporting.
  • Training and Awareness Programs: Design and deliver organization wide training.
  • Third Party Risk Management: Evaluate and monitor third party vendors.
  • Auditing and Monitoring: Conduct regular audits of cybersecurity practices.
  • Advisory and Collaboration: Serve as focal point for IT and business senior management.
  • Overall IT Security Operations Handling and Execution: Oversee IT security operations.
  • Team Leadership and Development: Lead and mentor the internal information security team.

Education / Professional Qualifications

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Business Administration, or related field.
  • Minimum of 7 years of experience in information security or cybersecurity operations.
  • At least 3 years in a managerial, supervisory, or advisory role focused on GRC or risk management.
  • CompTIA Security+ and ISC2 Certified in Cybersecurity (CC) certifications required.
  • CISM or CISSP certifications preferred.
  • ISO 27001 Lead Auditor or Lead Implementer, CRISC, ITIL Foundation, CEH, or CompTIA Security+ highly desirable.

Knowledge

  • In depth understanding of cybersecurity frameworks such as CIS, NIST, ISO 27001, and NCA controls.
  • Comprehensive knowledge of data protection and privacy laws, including KSA’s PDPL and international regulations (e.g., GDPR, HIPAA).
  • Familiarity with KSA’s regulatory environments, including SDAIA and NCA.
  • Strong understanding of risk management methodologies.
  • Knowledge of IT service management (ITSM) frameworks, such as ITIL.

Technical Skills

  • Proficiency in IT operations, service management, and cybersecurity practices.
  • Expertise in risk assessment tools and methodologies.
  • Familiarity with SIEM systems, IDPS, and other security monitoring tools.
  • Ability to evaluate and oversee third party security providers.
  • Strong analytical skills to interpret security data.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at My Clinic KSA