473 Cism jobs in Saudi Arabia

Location

Jeddah, Saudi Arabia

Experience

4

Job Type

Recruitment

Job Description

• The responsibility of this role is to oversee and ensure the establishment of a cybersecurity and IT risk management program across the client, and to act as the focal point for cybersecurity and IT risk governance activities.
• Responsible for the design, management and review of Client's cybersecurity and IT risk management policies, standards, and baselines to ensure secure operation of Client information & systems.
• Conduct both network and user activity audits where required to determine security needs.
• Providing guidance and required training on matters relating to cybersecurity, ensuring the implementation of necessary actions to adhere to applicable laws/regulations, standards, and guidelines.

Responsibilities -

Network Administration and Security

• Manage protection of information systems, the detection of threats to Client's systems, and the response to detected threats and cyber-attacks.
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects system by defining access privileges, control structures, and resources.

Performance Monitoring-

• Manage and Troubleshoot network systems issues and submit recommendations for improvements in network operation and management.
• Plan for disaster recovery and create contingency plans in the event of any security breaches
• Engage in and manage 'ethical hacking', for example, simulating security breaches
• Identify potential weaknesses and implement measures, such as firewalls and encryption

Vendor Management-

• Coordinate with vendors to expedite the resolution of problems.
• Evaluate vendor solutions to ensure compliance with requirements and cost effectiveness.

Service Management-

• Act as an escalation point for all requests and incidents related to the network.
• Follow up on issues and provide subject matter expertise support for diagnosing and resolving problems.

Firewall Management (On-Premise and Cloud)-

• Oversee configuration, monitoring, and maintenance of on-premises and cloud-based firewalls, ensuring they are optimized to prevent unauthorized access and detect potential threats.
• Define and implement firewall rules and policies, including access controls, to secure network traffic according to organizational and compliance standards.
• Conduct regular audits and vulnerability assessments on firewalls to identify and mitigate any potential security weaknesses.
• Collaborate with network and system teams to troubleshoot and resolve firewall-related issues while minimizing downtime and disruption.

Cloud Security Management (Defender for Cloud)-

• Configure, manage, and optimize Microsoft Defender for Cloud settings to enhance security posture across cloud resources, including VMs, databases, and storage accounts.
• Develop and enforce security policies within Defender for Cloud to monitor and mitigate risks associated with cloud infrastructure, applications, and data.

Network Security-

• Design, implement, and maintain secure network architecture, incorporating firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation strategies.
• Conduct network traffic analysis and continuous monitoring to identify anomalies or suspicious activities that may indicate potential security threats.

Threat Monitoring and Incident Response-

• Implement and oversee threat monitoring processes using security information and event management (SIEM) systems, integrating data from firewalls, Defender for Cloud, and network devices.
• Develop and execute incident response protocols for network, firewall, and cloud security incidents, minimizing impact through quick containment, analysis, and remediation.
• Perform post-incident analysis and reporting to identify root causes, improve firewall configurations, and update security policies as needed.

Compliance and Documentation-

• Ensure firewall, network, and cloud security policies comply with relevant regulations and industry standards (e.g., NIST, ISO
• Maintain documentation for all security configurations, procedures, and policies to facilitate audits and enhance knowledge sharing across IT teams.
• Conduct regular security assessments, risk analyses, and penetration tests on cloud and onpremises systems to verify compliance and mitigate vulnerabilities.

Service Level Agreements (SLA)-

• Monitor production, outputs, and services to ensure that SLAs, and other quality metrics, are being met.
• Developing SLAs.

Education and Experience -

• A bachelor's degree in IT and a master's degree is desirable, Min 4 years of experience
• Advanced certifications such as SANS GIAC/GCIA/GCIH and/or SIEM-specific training and certification
• Relevant certifications are an advantage (such as IAM Level I Security+ CE, CAP, CND, Cloud+, CSLC, CEH, CISM, CISSP, CASP, CCNA-Security)
• DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)

Firewall and Network Security-

• Certifications like Checkpoint Certified Security Administrator (CCSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE) show expertise in managing and configuring

firewall systems.

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), which provide a comprehensive understanding of security management

practices.

Network Security:

• CompTIA Network+ or Cisco Certified CyberOps Associate for foundational and advanced knowledge in networking security principles and operations.

Competencies

• Firewall Management: Proficiency with firewall technologies and platforms (e.g., Cisco ASA, Palo Alto, Checkpoint) for setting up, configuring, and maintaining firewalls on both on-premises and cloud platforms.
• Cloud Security Expertise: In-depth understanding of cloud environments, especially

Microsoft Azure, to manage and secure cloud services, implement Defender for Cloud policies, and perform risk assessments.

• Networking Knowledge: Strong grasp of network protocols, segmentation, VPNs, IDS/IPS, and secure configuration of network devices.
• Security Monitoring and Incident Response: Proficiency in using SIEM tools (e.g., Splunk,

Microsoft Sentinel for monitoring, alerting, and responding to cybersecurity incidents across firewall and cloud environments.

• Risk Assessment and Compliance: Ability to assess risk in IT systems and ensure compliance with standards like NIST, ISO 27001, and PCI DSS.

About the Role

We are seeking a highly experienced
Cybersecurity Manager
with a proven track record in
Governance, Risk & Compliance (GRC)
,
Network Security
, and
Infrastructure Security
. The ideal candidate will have extensive experience working with
System Integrators
, driving complex security projects, and ensuring robust cybersecurity frameworks across enterprise environments.

Key Responsibilities

• Lead and manage cybersecurity initiatives focusing on
  GRC, Network, and Infrastructure security domains
  .
• Design, implement, and oversee cybersecurity strategies and frameworks in line with international standards and regulatory requirements.
• Work closely with clients, stakeholders, and technology teams to deliver end-to-end security solutions.
• Ensure security compliance across critical systems, networks, and infrastructures.
• Drive risk assessments, audits, and remediation strategies.
• Provide leadership, mentorship, and guidance to security teams.

Requirements

• Minimum
  15 years of experience
  in cybersecurity with a strong managerial background.
• Expertise in
  Governance, Risk & Compliance (GRC)
  ,
  Network Security
  , and
  Infrastructure Security
  .
• Proven
  System Integrator experience
  in delivering large-scale cybersecurity projects.
• Strong domain knowledge in
  Airlines, Transport, or Tourism sectors
  (preferred).
• Excellent communication skills in
  Arabic and English
  .
• Relevant certifications (CISSP, CISM, CISA, ISO 27001 Lead Implementer, etc.) are highly desirable.

GENERAL DESCRIPTION OF THE JOB:

The
Systems Manage
r is responsible for overseeing the stability, security, and efficiency of NAQUA's IT Information Systems, ensuring seamless operations across corporate offices, remote sites, cold stores, retail locations, and work-from-home environments. This role involves managing a large-scale hybrid IT environment, including
Windows and Linux systems, Active Directory, Azure Hybrid Cloud, Microsoft 365, networking (UBNT), CCTV, IoT solutions, and enterprise security system
s
.

DETAILED RESPONSIBILITIESIT

Systems Manageme
nt

1. Manage the lifecycle of IT Information Systems assets such as the hardware, the OS, peripherals and related components by ensuring continuous operation backed by expert maintenance support and agreements.
2. Management o
   f Windows Server environmen
   ts, includin
   g Active Directory (AD), DNS, DHCP, and Group Poli
   cy.
3. Management o
   f Azure Hybrid Cloud integrati
   on, ensuring optimal performance and cost efficiency.
4. Overse
   e Microsoft 365 servic
   es, includin
   g Exchange Hybrid, SharePoint Online, Teams, and OneDri
   ve.
5. Management of Disaster Recovery processes and requirements.
6. Management o
   f file servers, backups, and disaster recovery solutio
   ns to ensure business continuit
   y.

Security & Compliance

1. Ensure IT security policies and controls are enforced across all Information Systems in all locations including remote and work-from-home.
2. Ensure the security and reliability o
   f CCTV, IoT devices, and access control syste
   ms.

Immediately respond to any incidents, breaches and vulnerabilities detected or reported and ensure coordination with IT management until the incident is resolved and closed.

Cloud & Hybrid Systems Administration

1. Manag
   e cloud servic
   es, including virtual machines, storage, and identity management.
2. Manage Exchange Hybrid deploymen
   ts, ensuring seamless email synchronization and security.
3. Manag
   e SharePoint Online and cloud collaboration too
   ls for operational efficiency.

Team Leadership & Vendor Coordination

1. Lead and mentor a team of IT professionals, ensuring effective support and system administration.
2. Coordinate wit
   h external vendors, service providers, and IT contracto
   rs for system upgrades and maintenance.
3. Participate i
   n IT budgets, procurement, and asset lifecycle (hardware/software) procedur
   es.

Team Leadership & Vendor Coordination.

• Lead and mentor a team of IT professionals, ensuring effective support and system administration.
• Coordinate wit
  h external vendors, service providers, and IT contracto
  rs for system upgrades and maintenance
• Participate i
  n IT budgets, procurement, and asset lifecycle (hardware/software) procedures
  .

Educat
ion: Bachelor's degree in IT, Computer Science, or related field
(Master's preferred)

Knowledge:

• Knowledge in ISO27001controls
• Knowledge in Saudi Cybersecurity Framework (NCA)
• Windows environments (AD, DNS, DHCP, GPO).
• Deep expertise in Microsoft 365, Azure, Exchange Hybrid, and SharePoint.
• Experience with CCTV, IoT systems, and enterprise security tools.
• Certifications such as Microsoft Certified: Azure Administrator, MCSE, CISSP, or CCNP are a plus.
• Ability to work in a fast-paced, 24/7 agricultural and retail environment.

Overview

Be a part of a well-established financial services organisation in Jeddah. Handle all matters related to information security architecture and engineering.

The Senior Manager - Information Security will be / have :

• A Bachelor's or Master's degree in Information Technology, Computer Science or other relevant fields of study
• 6+ years of experience in Information Security, ideally within the Banking / Financial Services sector
• Expertise in information security architecture and engineering
• Strong understanding of Information Security frameworks such as ISO2700
• Relevant certifications such as CISSP, CISM, CCISO, etc. would be preferred
• Excellent knowledge of Saudi regulatory requirements (SAMA, NCA, etc.)
• Track record in designing secure systems and leading cyber security initiatives
• Strong project management skills

• Support the CISO in developing and executing the information security strategy and roadmap
• Contribute to long term planning and act as a key advisor on technical risks
• Serve as acting CISO as and when required
• Evaluate and recommend security technologies, tools and methodology ensure the organisation complies with SAMA cybersecurity framework and NCA
• Lead technical input for audits and regularities reviews
• Oversee security monitoring, threat and vulnerability management activities
• Lead incident response efforts
• Collaborate with IT, compliance, audit and other business unit
• Report Information Security KPIs and metrics to executive management
• Represent the Information Security function internally and externally as require

The salary for the Senior Manager - Information Security role will be based on experience.

Aniket Deo

Quote job ref

JN-

Information Security Control Associate Manager Information Security Control Associate Manager

Get AI-powered advice on this job and more exclusive features.

Job Brief:To implement an organization’s internal control system through administering training and ensure employees have an intricate understanding of all internal control guidelines and standards. To conduct regular audits to verify whether departments follow the established procedures.

Responsibilities:

• To prepare and implement quality assurance policies and procedures and performe routine inspections and quality tests on security controls.
• To document quality assurance activities and creating audit reports.
• To identify and resolve workflow and production issues on security controls in alignment with IT Security department.
• To evaluate information security and associated risk exposures
• To create training materials and operating manuals for security controls function.
• To ensure standards and safety regulations are observed on continuous basis.
• Conduct a quarterly check on security controls and their status in terms of product versions, and agent version and coordinating with IT Security team to remediate issues raised.
• Preform compliance check on security controls efficiently and in proper manner.
• Conducting VA-PT exercises as per approved plan and communicate VA-PT results to stakeholders, and creating a master sheet to cater for all identified issues.
• Evaluate the organization’s readiness in case of business interruption.
• Review Capex project briefs and compliance with procedures.
• Checking the asset disposal bidding process.
• Prepare the required Information Security Control reports for tracking all related activities and to ensure all are well-documented and in a timely and quality manner.
• Maintain the confidentiality of information that they have access to or came across during their employment at EMKAN.
• Address and discuss any issues and proposed solutions with superiors.
• Adherence to all regulations and control function within the company in order to ensure that governance, Audit, risk and compliance matters are carried out.
• Fully adherence to the cybersecurity policies, processes, standards and regulations.

Qualification and Experience:

• Bachelor's degree in business administration or a technology-related field required.
• 5-6 years in information security, Compliance, IT management, and Network control.

• Seniority level Not Applicable

• Employment type Full-time

• Job function Management, Consulting, and Other
• Industries Financial Services, Banking, and Investment Banking

Get notified about new Information Security Manager jobs in Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Job Brief:To implement an organization's internal control system through administering training and ensure employees have an intricate understanding of all internal control guidelines and standards. To conduct regular audits to verify whether departments follow the established procedures.

Responsibilities:

• To prepare and implement quality assurance policies and procedures and performe routine inspections and quality tests on security controls.
• To document quality assurance activities and creating audit reports.
• To identify and resolve workflow and production issues on security controls in alignment with IT Security department.
• To evaluate information security and associated risk exposures
• To create training materials and operating manuals for security controls function.
• To ensure standards and safety regulations are observed on continuous basis.
• Conduct a quarterly check on security controls and their status in terms of product versions, and agent version and coordinating with IT Security team to remediate issues raised.
• Preform compliance check on security controls efficiently and in proper manner.
• Conducting VA-PT exercises as per approved plan and communicate VA-PT results to stakeholders, and creating a master sheet to cater for all identified issues.
• Evaluate the organization's readiness in case of business interruption.
• Review Capex project briefs and compliance with procedures.
• Checking the asset disposal bidding process.
• Prepare the required Information Security Control reports for tracking all related activities and to ensure all are well-documented and in a timely and quality manner.
• Maintain the confidentiality of information that they have access to or came across during their employment at EMKAN.
• Address and discuss any issues and proposed solutions with superiors.
• Adherence to all regulations and control function within the company in order to ensure that governance, Audit, risk and compliance matters are carried out.
• Fully adherence to the cybersecurity policies, processes, standards and regulations.

Qualification and Experience:

• Bachelor's degree in business administration or a technology-related field required.
• 5-6 years in information security, Compliance, IT management, and Network control.

Sr. Manager - Information Security Engineer

Job Purpose: Manage and maintain internal and external bank systems security. Promote the adherence to the information system security policies, procedures & guidelines. Promote system security education for internal or external parties. Present system security status across the organization periodically. Maintain internal and external regulatory requirements. Maintain physical security requirements. Ensure cybersecurity controls and defense measures are effectively implemented.

Responsibilities

• Develop and implement a comprehensive cybersecurity systems and structure aligned with organizational goals, group architecture and SAMA requirements.
• Analyze security requirements and develop data and system protection strategies.
• Review the implementation of security controls (firewalls, encryption, identity management, endpoint security, mail security, etc.) to meet required effectiveness.
• Evaluate new technologies for security risks and benefits and make recommendations.
• Analyze security risks, impacts, and mitigation options to support risk management and business decisions.
• Provide effective security solutions for bank systems.
• Maintain confidential and sensitive information register.
• Develop and manage security programs such as identity and access management, encryption, anomaly detection, and cyber incident response.
• Research and evaluate emerging security technologies.
• Provide guidance to other IT personnel on security best practices.
• Identify security threats and vulnerabilities in existing IT systems and recommend appropriate mitigation strategies.

• Support information system security initiatives based on security assessments.
• Support mitigation plans for technology vulnerabilities and build a layered security approach (Network, OS, Application, Database).
• Proactively hunt for indicators of compromise, anomalous behavior, and potential threats.
• Identify, analyze, and mitigate cyber threats; conduct proactive threat research.
• Analyze detected threats using threat intelligence, malware analysis, and other techniques.
• Research new and emerging threats through open-source intelligence, dark web monitoring, and security communities.
• Develop and implement intelligence-driven detection and prevention controls.
• Continuously refine threat detection systems and processes.
• Conduct penetration testing to identify vulnerabilities and weaknesses.
• Assess security control effectiveness and recommend improvements.
• Conduct forensic investigations of cybersecurity incidents (data breaches, malware, phishing).
• Respond to incidents by isolating impacted systems, reimaging, disabling credentials, and removing malware.
• Develop and execute incident response plans, processes, and workflows.
• Support the Security Incident Response Team.
• Maintain chain of custody and adhere to forensics best practices.

• Supervise information systems security projects and services.
• Monitor system performance and ensure security policy compliance.
• Monitor security systems for threats, policy violations, and anomalies.
• Investigate and respond to security alerts and incidents.
• Coordinate with the Security Operations Center (SOC).
• Track patch management effectiveness.
• Measure cybersecurity KPIs.
• Monitor and analyze endpoint activity for threats, malware, and data breaches.

• Develop and implement an information security governance framework to manage cybersecurity risks for the organization. This includes policies, standards, and procedures.
• Ensure compliance with relevant information security laws, industry standards, and best practices.
• Monitor system performance and ensure compliance with security policies.
• Manage the organization's security policies and assist in enforcing security protocols.

• Develop and implement a cybersecurity compliance program that ensures compliance with relevant laws, regulations, and industry standards including SAMA CSF, PCI DSS, ISO 27001, CMA CSF and other compliance mandates from SAMA.
• Lead the system-wide information security compliance program, ensuring IT activities, the banks projects processes, and procedures meet defined requirements, policies, and regulations.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors.

• Identify risks on data protection.
• Cybersecurity Matrix, Risk Register, Appetite & Reporting.
• Participate in understanding the enterprise objectives and translate them in defining annual Information Security strategy, roadmap and objectives recommendations.
• Establishing and maintaining Information Security KPI and metrics, risk register and risk appetite.
• Maintaining overall security remediation plans and managing Information Security exceptions.
• Participate in the control effectiveness review of processes.
• Responsible for identifying compliance risks and to recommends, implements, and maintains technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective manner.
• Research and evaluate emerging security technologies.
• Stay updated on latest threats via information security forums/bulletins.
• Develop and maintain cybersecurity policies and procedures.
• Identify vulnerabilities in existing systems and recommend mitigation strategies.
• Perform security assessments and audits to identify gaps and improvement opportunities.
• Develop recommendations to strengthen defenses, mitigate risks, and ensure compliance.
• Automate security tasks and workflows.
• Maintain documentation of security configurations, policies, and processes.
• Test and evaluate new endpoint security technologies.
• Maintain SARIE system security.

Knowledge and Understanding:

• Cybersecurity principles and best practices (threat modeling, risk assessment, security controls, frameworks like SAMA CSF NIST, ISO, CIS).
• Regulatory compliance requirements (PDPL,GDPR, , PCI-DSS).
• Emerging technologies (blockchain, AI, machine learning) and their security implications. (preferable)
• Network protocols, operating systems, and databases.
• Security incident response processes and procedures.

Communication and Interpersonal Skills:

• Working effectively with cross-functional teams, stakeholders, and clients.

Qualification & Experience:

• Bachelor degree in information technology or equivalent.
• 8 – 10 years total system security banking experience
• One or more of the following qualifications are desirable:
• Certified Information Systems Security Professional (CISSP),
• Certified Information Security Manager (CISM),
• ISO27001 Lead implementer auditor
• Certified Ethical Hacker (CEH)
• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Incident Handler (GCIH)
• Offensive Security Certified Professional (OSCP)

Skills

Technical Skills:

• Knowledge of secure systems, networks, and applications (firewalls, IDS/IPS, access control, encryption, authentication).
• Using security technologies and tools (vulnerability scanners, penetration testing tools, SIEM, endpoint).
• Designing and implementing secure cloud architectures ( Oracle, AWS, Azure,).
• Implementing security controls for DevOps processes (CI/CD, containerization, automation).
• Developing and implementing security policies, procedures, and standards.
• Conducting security audits and assessments.
• Knowledge of security assessments and penetration testing of network, systems and databases.
• Developing and testing incident response plans.
• Providing security training and awareness programs.

Analytical/Problem-Solving Skills:

• Identifying and mitigating security risks and vulnerabilities.

Project Management Skills:

• Managing multiple projects and priorities simultaneously.

• Mid-Senior level

• Full-time

• Management, Engineering, and Project Management

• Financial Services and Insurance

• Be a part of a well-established financial services organisation in Jeddah
• Handle all matters related to information security architecture and engineering

• Be a part of a well-established financial services organisation in Jeddah
• Handle all matters related to information security architecture and engineering

• Support the CISO in developing and executing the information security strategy and roadmap
• Contribute to long term planning and act as a key advisor on technical risks
• Serve as acting CISO as and when required
• Evaluate and recommend security technologies, tools and methodology ensure the organisation complies with SAMA cybersecurity framework and NCA
• Lead technical input for audits and regularities reviews
• Oversee security monitoring, threat and vulnerability management activities
• Lead incident response efforts
• Collaborate with IT, compliance, audit and other business unit
• Report Information Security KPIs and metrics to executive management
• Represent the Information Security function internally and externally as require

• A Bachelor's or Master's degree in Information Technology, Computer Science or other relevant fields of study
• 6+ years of experience in Information Security, ideally within the Banking/Financial Services sector
• Expertise in information security architecture and engineering
• Strong understanding of Information Security frameworks such as ISO2700
• Relevant certifications such as CISSP, CISM, CCISO, etc. would be preferred
• Excellent knowledge of Saudi regulatory requirements (SAMA, NCA, etc.)
• Track record in designing secure systems and leading cyber security initiatives
• Strong project management skills

Boost your career Find thousands of job opportunities by signing up to eFinancialCareers today.

Overview

Information Security Analyst vacancy in Ar Rass Saudi Arabia

We are seeking a highly skilled and experienced Information Security Analyst to join our team on a contract basis. In this role, you will be responsible for protecting our company's sensitive information and ensuring compliance with security policies and procedures. As an Information Security Analyst, you will use your expertise to identify potential security risks, implement security measures, and perform regular security audits.

• Conduct thorough assessments of our network and systems to identify vulnerabilities
• Implement and maintain security measures such as firewalls, anti-virus software, and encryption protocols
• Monitor network activity and investigate any suspicious activity or breaches
• Develop and maintain security policies and procedures to ensure compliance with industry standards
• Conduct regular security audits to identify any areas for improvement
• Provide training and support to employees on best practices for information security

• Bachelor's degree in Computer Science or a related field
• Minimum of 3 years of experience as an Information Security Analyst or similar role
• In-depth knowledge of information security principles, standards, and best practices
• Strong technical skills in areas such as network administration, encryption technologies, and vulnerability assessment tools
• Excellent problem-solving skills and attention to detail
• Ability to communicate complex technical concepts to non-technical stakeholders

This is a contract position based in Ar Rass, open to candidates of all nationalities. If you are a proactive and analytical individual with a passion for information security, we encourage you to apply for this exciting opportunity.