Manager, Information Security, Jeddah, Saudi Arabia
Business Unit: ITFC
Division: Not Applicable
Department: Not Applicable
Country: Saudi Arabia
Location: Saudi Arabia – Jeddah
Job Grade: Not Applicable
Closing Date: 30-Dec-2024
SECTION I: JOB PURPOSE
The responsibility of this role is to oversee and ensure the establishment of a cybersecurity and IT risk management program across ITFC, and to act as the focal point for cybersecurity and IT risk governance activities. Responsible for the design, management and review of ITFC’s cybersecurity and IT risk management policies, standards, and baselines to ensure secure operation of ITFC information & systems. Conduct both network and user activity audits where required to determine security needs. Providing guidance and required training on matters relating to cybersecurity, ensuring the implementation of necessary actions to adhere to applicable laws/regulations, standards, and guidelines.
SECTION II: KEY RESPONSIBILITIES
Core Responsibilities
Network Administration and Security
- Manage security of information systems, the detection of threats to ITFC systems, and the response to detected threats and cyber-attacks.
- Safeguards information system assets by identifying and solving potential and actual security problems.
- Protects system by defining access privileges, control structures, and resources.
- Recognizes problems by identifying abnormalities, reporting violations.
- Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Keeps users informed by preparing performance reports, communicating system status.
- Maintains quality service by following organization standards.
- Maintains technical knowledge by attending/teaching educational workshops, reviewing publications.
- Contributes to team effort by accomplishing related results as needed.
Performance Monitoring
- Manage and troubleshoot network systems issues and submit recommendations for improvements in network operation and management.
- Plan for disaster recovery and create contingency plans in the event of any security breaches.
- Engage in and manage ‘ethical hacking’, for example, simulating security breaches.
- Identify potential weaknesses and implement measures, such as firewalls and encryption.
Vendor Management
- Coordinate with vendors to expedite the resolution of problems.
- Evaluate vendor solutions to ensure compliance with requirements and cost effectiveness.
Service Management
- Act as escalation point for all requests and incidents related to network.
- Follow up on issues and provide subject matter expertise support for diagnosing and resolving problems.
- Prepare technical and procedural documentation of network infrastructure.
- Conduct root cause analysis for assigned incidents and recommend software or hardware changes to rectify problems.
Firewall Management (On-Premise and Cloud)
- Oversee configuration, monitoring, and maintenance of on-premises and cloud-based firewalls, ensuring they are optimized to prevent unauthorized access and detect potential threats.
- Define and implement firewall rules and policies, including access controls, to secure network traffic in line with organizational and compliance standards.
- Conduct regular audits and vulnerability assessments on firewalls to identify and mitigate any potential security weaknesses.
- Collaborate with network and system teams to troubleshoot and resolve firewall-related issues while minimizing downtime and disruption.
Cloud Security Management (Defender for Cloud)
- Configure, manage, and optimize Microsoft Defender for Cloud settings to enhance security posture across cloud resources, including VMs, databases, and storage accounts.
- Develop and implement security policies within Defender for Cloud to monitor and mitigate risks associated with cloud infrastructure, applications, and data.
- Utilize threat intelligence, alerting, and automation features within Defender for Cloud to detect and respond to security incidents.
- Implement security best practices for cloud platforms, including Identity and Access Management (IAM), encryption, and secure configuration.
Network Security
- Design, implement, and maintain secure network architecture, incorporating firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation methods.
- Conduct network traffic analysis and continuous monitoring to identify anomalies or suspicious activities that may indicate potential security threats.
- Work closely with IT teams to deploy and configure network devices, ensuring compliance with security policies and best practices.
- Lead initiatives to secure endpoints, enhance network resilience, and respond to vulnerabilities or incidents affecting network integrity.
Threat Monitoring and Incident Response
- Implement and oversee threat monitoring processes using security information and event management (SIEM) systems, integrating data from firewalls, Defender for Cloud, and network devices.
- Develop and execute incident response protocols for network, firewall, and cloud security incidents, minimizing impact through rapid containment, analysis, and remediation.
- Perform post-incident analysis and reporting to identify root causes, improve firewall configurations, and update security policies as needed.
Compliance and Documentation
- Ensure firewall, network, and cloud security policies comply with relevant regulations and industry standards (e.g., NIST, ISO 27001).
- Maintain documentation for all security configurations, procedures, and policies to facilitate audits and enhance knowledge sharing across IT teams.
- Conduct regular security assessments, risk analyses, and penetration tests on cloud and on-premises systems to verify compliance and mitigate vulnerabilities.
Service Level Agreements (SLA)
- Monitor production, outputs, and services to ensure that SLAs, and other quality metrics, are being met.
- Developing SLAs.
SECTION IV: KNOWLEDGE, SKILLS & COMPETENCIES
- Bachelor’s degree in IT
- Master’s degree is desirable
- Advanced certifications such as SANS GIAC/GCIA/GCIH and/or SIEM-specific training and certification
- Relevant certifications are a bonus (such as IAM Level I Security+ CE, CAP, CND, Cloud+, CSLC, CEH, CISM, CISSP, CASP, CCNA-Security)
- DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)
Firewall and Network Security:
- Certifications like Checkpoint Certified Security Administrator (CCSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE) demonstrate expertise in managing and configuring firewall systems.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), which provide a comprehensive understanding of security management practices.
Cloud Security:
- Microsoft Certified: Security Operations Analyst Associate or Azure Security Engineer Associate for Microsoft Defender for Cloud and other Azure security components.
- Certified Cloud Security Professional (CCSP) or AWS Certified Security – Specialty for more general cloud security expertise.
Network Security:
- CompTIA Network+ or Cisco Certified CyberOps Associate for foundational and advanced knowledge in networking security principles and operations.
Competencies
- Firewall Management: Proficiency with firewall technologies and platforms (e.g., Cisco ASA, Palo Alto, Checkpoint) for setting up, configuring, and maintaining firewalls on both on-premises and cloud platforms.
- Cloud Security Expertise: In-depth understanding of cloud environments, especially Microsoft Azure, to manage and secure cloud services, implement Defender for Cloud policies, and perform risk assessments.
- Networking Knowledge: Strong grasp of network protocols, segmentation, VPNs, IDS/IPS, and secure configuration of network devices.
- Security Monitoring and Incident Response: Proficiency in using SIEM tools (e.g., Splunk, Microsoft Sentinel) for monitoring, alerting, and responding to cybersecurity incidents across firewall and cloud environments.
- Risk Assessment and Compliance: Ability to assess risk in IT systems and ensure compliance with standards like NIST, ISO 27001, and PCI DSS.
Language Skills
- English is mandatory
- Arabic/French is preferable
Years of Experience
- Minimum 4 years of experience
About Application Process
If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application you would need the following document(s):
- Resume/CV