Virtual Chief Information Security Officer

Description:

Key Responsibilities:

• Overseeing and managing all aspects of information security and cybersecurity.
• To develop and implement robust security strategies, policies, and procedures to safeguard the information assets, technology infrastructure, and internal & external data.
• Lead a team of dedicated security professionals and collaborate closely with other departments to ensure the organisation is compliant with regulatory requirements and industry best practices.
• Strong technical expertise, leadership skills, and a deep understanding of the evolving cyber threat landscape.
• Information Security Strategy: Develop and execute a comprehensive information security strategy aligned with the business objectives and risk tolerance, ensuring the confidentiality, integrity, and availability of sensitive information.
• Risk Management: Identify, assess, and prioritize information security risks and vulnerabilities. Implement risk mitigation measures and regularly monitor and report on the security posture to senior management and the board.
• Security Operations: Oversee the day-to-day security operations, incident response, and threat management activities. Coordinate with IT teams to ensure timely identification and resolution of security incidents.
• Regulatory Compliance: Stay abreast of relevant laws, regulations, and industry standards related to information security. Ensure the organisation’s compliance with applicable security requirements, reporting obligations, and certifications.
• Security Awareness and Training: Develop and conduct security awareness programs for bank employees, educating them on security best practices and promoting a security-conscious culture.
• Vendor Security Management: Evaluate and manage security risks associated with third-party vendors and service providers. Ensure that vendors comply with the bank's security standards.
• Security Architecture and Infrastructure: Collaborate with IT teams to design and implement secure architectures for the company’s information systems, networks, and applications.
• Data Protection and Privacy: Implement and monitor data protection and privacy measures to safeguard customer information and comply with data privacy regulations.
• Disaster Recovery and Business Continuity: Develop and maintain disaster recovery and business continuity plans to ensure the company can recover from disruptive events and maintain critical operations.
• Security Incident Response: Lead the investigation and response to security incidents, working closely with internal teams and external stakeholders, such as law enforcement and regulatory authorities.
• Security Governance: Establish and maintain a robust security governance framework, including policies, standards, procedures, and guidelines.

Qualification:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Professional certifications such as CISSP, CISM, or CISA are highly desirable.
• Proven experience as a senior information security leader in different industry.
• In-depth knowledge of cybersecurity principles, practices, technologies, and emerging trends.
• Strong understanding of regulatory requirements, such as ISO, SAMA GDPR, PCI DSS, or other local regulations.
• Excellent communication and leadership skills to effectively collaborate with cross-functional teams and executive stakeholders.
• Demonstrated ability to manage complex security projects and drive organizational change towards a security-first mindset.
• Experience in managing and mentoring security teams.