Security Manager

JOB OBJECTIVE:

Security Manager is responsible to lead Security Team & Operations to ensure Physical, Operations & IT Security Compliance for managing Security Compliance programs, and protecting assets, information systems, sensitive products, data and assets.

ROLES & RESPONSIBILITIES:

1. Security Policy and general organization:
1. Set-up and maintain the Information Security Management System (ISMS) to the standards of ISO27001 including:
2. Definition, updating and implementation of security manual.
3. Definition, updating and implementation of security policy.
4. Definition, updating and implementation of security risk assessment.
5. Definition, updating and implementation of security documentation system.
6. Maintenance of system through annual auditing process.
7. Management of system audit program and selection of external audit provider.
8. Training on security rules for employees, contractors, visitors.
9. Definition of security objectives and control of integration of those objectives in new projects.
10. Definition of security system continuity plan in case of breakdown, maintenance, improvement, etc.
11. Interface with police and certification agencies for audit remedial actions and alarm management.
12. Chair Security Forum to provide focus for company resources against risks.
2. 2- Personnel security:
1. Management of recruitment/termination rules (clearances, screening, confidentiality agreement, police records, etc).
2. Management of annual screening of key employees following standards.
3. Management or control of security employees, auditors & 3rd parties.
4. Ownership of employee disciplinary decision when related to security breach/elevated risk level.
3. 3- Physical security:
1. Accountability to implement & monitor all Physical Security (access control, alarm system, CCTV) Operations, Process, Procedures & Governance in line with Security Policy & applicable regulatory/cert requirements.
2. Control over purchase, receipt, and management of physical security equipment (access control, alarm system, CCTV, physical keys...).
4. 4- Product security:
1. Ensure end to end operations security compliance for card activities.
2. Ensure through monitoring, checks & internal audit reconciliation sensitive assets in operations.
3. Implementation of necessary audit trail procedures to follow rules defined in certification agencies requirements.
4. Control of documentation/procedures/policies, etc (initial provision and review).
5. 5- Logical security:
1. Definition (with IT management) of access rights and administration rules.
2. Definition (with IT department) of IT continuity plan, and ongoing review of effectiveness.
3. Definition, procurement, and review (with IT department) of additional local IT Security controls.
4. Ensure IT Security oversight and compliance to Security Policy for all business & operations as needed (e.g. Incident management, Change management, Log review, Firewall review, Antivirus monitoring, etc.).
5. Accountability to review Internal/External Vulnerability Scan, Penetration Test result. Analyze and follow-up with related owners to ensure timely fix the critical and high findings per IS Security Policy.
6. Conduct security review and provide appropriate recommendations to strengthen the IT Security posture and to address the gaps.
7. Monitor, Track resolution IT Security Incidents with respective owners and follow-up for remediation actions until resolution.
8. Participate in new IT projects or solution implementations.
9. Maintenance of Data Protection status and ownership of processes applicable to data protection and the Information Commissioner's office.
10. Manage Risk Assessment methodologies in aim to the company protection (Penn test, screening, FMEA, etc).
11. Corporate reporting management like to Corp Security teams (SCART, etc).
12. Follow-up Management Self-Assessment processes.

WORK EXPERIENCE REQUIREMENTS:

5-6 years of hands-on IT Operations, IT Security or Security Operations experience.

In-depth knowledge of ISO27001 and PCI-CP; PCI-DSS.

QUALIFICATION, CERTIFICATION & EDUCATIONAL REQUIREMENTS:

• Bachelor degree in IT or other relative field.
• Certified Information Systems Security Professional (CISSP).

Lead Auditor level training to ISO standards (ISO27001); PCI-CP.

Lean 6 Sigma qualification or deep know-how (green belt) an advantage.

PREFERRED SKILLS:

• Must be SC cleared or be able to obtain SC clearance in the KSA.
• In-depth knowledge and Process Management on GDPR.
• Knowledge of KSA Data Protection Legislation.
• Auditing knowledge of the above standards.
• Understanding of security audit processes.
• Ability to work accurately to tight deadlines.
• Ability to maintain good and efficient relationships with all departments and external parties at all levels.
• Ability to manage people of varying disciplines at varying levels of the business.
• Knowledge of security systems and computer/networks tools.
• Ability to communicate at all levels of the organisation.
• Ability to prepare and present comprehensive written report and documents.
• Strong team leadership skills. Optimising the team set-up to meet the needs of the different DIS business lines and their customers.
• Ability to manage priorities effectively across different business lines and within business lines.
• Problem solving skills.
• Listening and inter-personal skills.
• Participation in customer security working groups as may be necessary.
• Financial awareness with high levels of budgetary control.
• Good influencing/negotiating skills.
• Ability to develop and implement effective short and long-term strategies to address key issues and achieve the goals and objectives of the organisation.
• Ability to help staff to adapt behaviour and work methods in response to new information, changing conditions, or unexpected obstacles, maintaining focus, intensity, and persistence, even in adverse, evolving, or ambiguous situations.