Information Security Manager – Information Security Manager

Job type: Full-time
Experience: 0-3 years
Salary: Not mentioned
Location: emirates

Job Summary

The Information Security Manager is responsible for developing, implementing, and overseeing the organization’s information security strategy, governance framework, and compliance initiatives. This role ensures the organization maintains robust security controls, complies with regulatory requirements (PCI DSS, NESA, etc.), and continuously strengthens its cybersecurity posture through policy development, audits, system hardening, and secure key management practices.

Key Responsibilities

1. Security Governance & Policy Management

  • Develop, approve, and enforce organization-wide information security policies, standards, and procedures.
  • Ensure security policies align with business objectives and regulatory requirements.
  • Continuously review and update policies to comply with evolving cybersecurity regulations and industry best practices.
  • Promote a culture of security awareness and compliance across all departments.

2. Regulatory Compliance & Audit Management

PCI DSS Compliance

  • Lead and supervise PCI DSS compliance initiatives across the organization.
  • Coordinate with external auditors and internal stakeholders during audits.
  • Oversee evidence collection, documentation, and reporting.
  • Ensure remediation of identified gaps within defined timelines.
  • Provide knowledge transfer and training to internal teams to maintain ongoing compliance.

NESA Compliance

  • Lead the implementation and maintenance of NESA security controls.
  • Coordinate daily with auditors and ensure timely submission of required evidence.
  • Establish and update organizational policies to adhere to NESA requirements.
  • Monitor compliance posture and drive corrective actions where needed.

3. Internal Audit & Risk Assessment

  • Plan and conduct internal security audits and self-assessment scans.
  • Identify security gaps, vulnerabilities, and non-compliance issues.
  • Develop and track remediation plans in coordination with IT and business teams.
  • Report audit findings and risk posture to senior management.

4. Infrastructure & System Hardening Oversight

  • Lead the implementation and governance of system hardening standards across the organization, including:
      • Database Hardening
      • Windows Server Hardening
      • Active Directory Hardening
      • Operating System (OS) Hardening
      • IIS Hardening
  • Ensure baseline security configurations are documented and enforced.
  • Oversee vulnerability management and ensure timely patching and mitigation.

5. Key Management & Cryptography Governance

  • Establish and maintain secure key management practices.
  • Oversee the implementation and management of Key Management Systems (KMS).
  • Ensure encryption standards and cryptographic controls meet regulatory and industry requirements.
  • Monitor lifecycle management of encryption keys.

6. Leadership & Stakeholder Management

  • Lead and mentor the information security team.
  • Collaborate with IT, risk, compliance, and business units to integrate security into operations.
  • Provide regular security posture reports to executive management.
  • Manage relationships with external auditors, regulators, and security vendors.

Qualifications

  • Bachelor’s degree in Information Security, Computer Science, IT, or related field (Master’s preferred).
  • 7–10+ years of experience in information security, with at least 3–5 years in a managerial or leadership role.
  • Strong experience in PCI DSS and NESA compliance frameworks.
  • Hands-on knowledge of system hardening standards and best practices.
  • Experience managing audits and regulatory assessments.
  • Relevant certifications preferred (CISSP, CISM, CISA, CEH, PCI QSA-related certifications).