Head of Cybersecurity (KSA National)

Specialized Technical Services

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

The Head of Cybersecurity directs cybersecurity work within an organization, establishes vision and direction for its cybersecurity and related strategies, resources and activities and advises the leadership on the effective management of the organization s cyber risks

Duties and Responsibilities:

• Effectively communicate financial aspects of cybersecurity related activities to senior management.
• Collaborate with stakeholders to ensure business continuity and disaster recovery programs meet organizational requirements.
• Effectively manage vulnerability remediation
• Supervise and effectively assign work to staff working on cybersecurity related tasks.
• Allocate resources to cybersecurity roles.
• Promote awareness of cyber policy and strategy as appropriate among the organization's management.
• Work with stakeholders to develop cybersecurity policies and associated documentation in alignment with the organization's cybersecurity strategy.
• Align the organization's cybersecurity strategy with its business strategy
• Carry out a cybersecurity risk assessment
• Work with others on policies, processes and procedures relating to cybersecurity and privacy.
• Ensure that appropriate controls are in place to effectively mitigate risk and address privacy concerns during a risk assessment process.
• Work with others to implement and maintain a cybersecurity risk management program
• Ensure sound principles are reflected in the organization's mission, vision and goals
• Obtain resources to develop and implement effective processes to meet strategic cybersecurity goals.
• Understand and communicate an organization's cybersecurity status during legal and regulatory scrutiny.
• Promote and demonstrate the value of cybersecurity to stakeholders within an organization.
• Communicate effectively with third parties in the event of a cybersecurity incident.
• Review the effectiveness of the organization's cybersecurity controls against its strategic goals.
• Manage the regular review and maintenance of the organization's cybersecurity policy and associated documentation.
• Ensure that appropriate actions are taken to mitigate the risk in the event of a cybersecurity incident.
• Advocate cybersecurity related topics with senior management, to ensure the organization's strategic goals include cybersecurity.
• Ensure that organizational cybersecurity strategy is effectively addressed by cybersecurity policies and related documents.
• Ensure cybersecurity requirements of all information technology systems are determined.
• Develop and maintain appropriate cybersecurity policies and related documentation to ensure the organization's critical infrastructure is appropriately protected.
• Collaborate with stakeholders in the organization and with third parties when identifying future cybersecurity strategy requirements.
• Identify and recruit appropriately skilled resources to address cybersecurity activities within the organization.
• Attend and present at international cybersecurity events.
• Obtain relevant resource to implement and maintain the cybersecurity aspects of an effective business continuity plan.
• Develop and maintain a cybersecurity strategy that aligns to the organization's business strategy.
• Ensure that cybersecurity requirements for IT are aligned with the organization s cybersecurity strategy.
• Manage financial aspects of cybersecurity, including budgeting and resourcing.

Knowledge

• Knowledge of network components, their operation and appropriate network security controls and methods.

• Knowledge and understanding of risk assessment, mitigation and management methods.

• Knowledge of relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.

• Knowledge of the principles of cybersecurity and privacy.

• Knowledge of cybersecurity related threats and vulnerabilities.

• Knowledge of the likely operational impact on an organization of cybersecurity breaches.

• Knowledge of vulnerabilities in applications and their likely impact.

• Knowledge of cybersecurity aspects of business continuity and disaster recovery planning and including testing.

• Knowledge of system and application security threats and vulnerabilities

Skills

• Skill in determining the normal operational state for security systems and how that state is affected by change.

• Skill in effectively communicating with all levels of staff.

• Skill in identifying new cybersecurity threats in a timely manner.

• Skill in developing policies which reflect the organization's business and cybersecurity strategic objectives.

• Skill in evaluating the viability and legitimacy of suppliers and products.

• Skill in continually identifying new technologies and their potential impact on cybersecurity requirements.

•