Senior Officer Cybersecurity Governance and Compliance

Job DescriptionThis level requires Good knowledge of Information Security Governance and compliance. This level also requires good knowledge of information security policies, processes, standards and guidelines. Knowledge of security exceptions, security awareness is also expected , National regulations of Cybersecurity and international standards and practices Knowledge of security exceptions, cyber security awareness, cyber security compliance program including PCI-DSS, SAMA CSF, Tadawul Member policy, ISO/IEC 27001:2013, NCA mandates, guidelines and policies are also requiredThe key accountability would be on Cybersecurity Policy Management, Cybersecurity Training & Awareness, Cybersecurity Regulatory & Policy Compliance, Privacy and Data protection, Cybersecurity Matrix, Risk Register, Appetite & Reporting.Participate in understanding the enterprise objectives and translate them in defining annual Information Security strategy, roadmap and objectives.Work with the higher levels to understand compliance gaps or requirements, technical need and translate them to policy statements also participate in establishing and maintaining security policies, baselines, standards, checklist and processes and for defining roles and responsibilities of Info. Security within the bank.Participate in establishing a strong and effective Security Governance model and instituting a sound IS GRC platform based on a unified security compliance model.Participate in the execution of bank-wide information security awareness program and a customer focused IS awareness program with an objective to enhance the awareness level of BSF staff and customers.Participate in establishing and maintaining Information Security KPI and metrics, risk register and risk appetiteParticipate in maintaining overall security remediation plans and managing Information Security exceptions.Participate in the effectiveness review of processesCoordinate in the preparation of all reports generated for ManagementParticipate in Identifying and keep track of all information security related compliance mandates and work with governance in the creation, implementation, and maintenance of appropriate policies, and procedures to be compliant with all applicable regulationsResponsible for identifying compliance gaps and to recommends, implements, and maintains technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective mannerLiaison with other business lines and support divisions in the implementation of regulatory compliance requirements.Responsible in tracking audit findings and recommendations to ensure that appropriate mitigation actions are taken and support necessary compliance activities Participate in managing critical information security compliance programs including PCI DSS, ISO 27001, SAMA CSF and compliance mandates from SAMA and NCAResponsible for coordinating activities internal and external auditors including PCI QSA, ISO 27001 external auditor, and internal BSF audit division and with all B/Ls and support divisions.Participate in understanding and interpreting emerging and evolving data protection and privacy standards and framework and translate them to BSF compliance programParticipate in ensuring that all requirements of SAMA circulars, guidelines, Information Security Strategy, Information Security Framework and incorporated in the information security compliance program A bachelor's or master’s degree in Computer Science or Information Technology or related field.Professional certification such as CISSP, CISA, CISM, CGEIT, CRISC, CEH etc.Minimum 3 to 6 years in information security with experience in information security governance and compliance.Relevant certificationsSkillsCyber security Strategy, Policies, procedures baselines standards and information security regulations.Good knowledge of compliance assessments and knowledge of information security related business processes, and control objectives.Knowledge of information security standards, codes of practice and guidelines such as 27000:2005, the NIST Computer Security Division Special Publications and Federal Information Processing Standards.Sound understanding of generally accepted IT security and privacy audit procedures and standards.Excellent knowledge of information security concepts, methodologies and best/leading practices.