Director of Cyber Security

The incumbent is responsible for managing cybersecurity within the organization, including assessment and planning, governance and risk, cybersecurity operations, and compliance management to protect data, systems, and infrastructure from threats and risks in the cyber domain.

Responsibilities

• Developing a Cybersecurity Management Action Plan aligned with the organization's strategic plan and overseeing its implementation:
• Defining objectives and key performance indicators (KPIs) for cybersecurity management and monitoring progress toward achieving these goals.
• Ensuring that the department's staff understand the action plan.
• Staying updated on local and international best practices relevant to the department's operations and providing necessary recommendations.
• Recommending the optimal organizational structure for cybersecurity management and identifying the resources required to execute operations effectively and achieve strategic objectives.
• Preparing the annual budget for cybersecurity management in accordance with plans and needs.
• Developing cybersecurity policies, procedures, and processes based on legal, internal, and external requirements, and approving automation needs for processes while recommending improvements to related electronic systems.
• Overseeing the identification of current gaps, requirements, areas for improvement, and tools that need to be planned in coordination with other departments.
• Managing the development and periodic updating of an annual cybersecurity plan and roadmap based on changing needs.
• Supervising the development/update of authentication processes (e.g., passwords, multi-factor authentication, biometrics) to ensure alignment with the organization's needs.
• Defining risk assessment criteria to evaluate risk significance and support decision-making processes.
• Identifying potential risks in coordination with internal departments and determining the most suitable risk mitigation strategies.
• Monitoring risk mitigation processes and providing guidance and support as needed to prevent recurrence.
• Enhancing awareness of cybersecurity responsibilities and privacy protection within the organization through educational materials, awareness sessions, communication channels, and workshops.
• Managing the assessment of security vulnerabilities (e.g., network, operating system, human errors, processes) and identifying relevant solutions (e.g., fixes, acceptance, mitigation).
• Managing penetration testing and ensuring the documentation of results and accessed data.
• Overseeing the development/update of cybersecurity prevention and mitigation plans to address vulnerabilities and gaps promptly, and managing their implementation while providing support and guidance to address threats.
• Managing cyber incidents, enforcing corrective measures, and preparing periodic reports to document incidents.
• Overseeing compliance assessments with the National Cybersecurity Authority's policies, regulations, and standards, or other relevant laws and regulations.
• Reviewing assessment reports that include findings, non-compliance cases, their causes, and impacts.
• Developing and ensuring the implementation of corrective actions to address non-compliance in accordance with the National Cybersecurity Authority's policies, regulations, and standards.
• Providing recommendations and nominations for staffing the department based on needs, in coordination with the Human Resources department.
• Offering guidance, advice, and support to subordinates to perform their tasks in accordance with approved policies and procedures.
• Setting individual performance objectives, providing necessary support, evaluating the team, and offering continuous feedback on performance.
• Contributing to creating a motivating work environment that aligns with the organization's values.

General Responsibilities:

• Building and strengthening relationships with stakeholders in the public and private sectors to serve the organization's interests.
• Reviewing and approving reports and presentations related to the activities and achievements of the cybersecurity management department.
• Performing any other duties required by the role.

Qualifications

• Bachelor’s degree, preferably in Computer Science, Cybersecurity, Information Systems, Information Technology, or an equivalent field.
• 9-12 years of experience, including at least 4 years in a managerial role.