Information Security Manager

My Clinic KSA

Jeddah, Makkah Province, Saudi Arabia · Full-time

Experience
7+ yrs
Salary
Openings
1
Posted
1 hour ago

Job Description

About My Clinic

My Clinic is a multispecialty outpatient healthcare provider in Saudi Arabia, serving patients since 2017. The organization is guided by a mission to help people live longer, healthier, and happier lives, and it places strong emphasis on innovation, care, collaboration, ambition, and accountability.

Role Overview

The Information Security Manager will head the clinic’s information security and cybersecurity program, with primary ownership of governance, risk, and compliance activities. The position is focused on protecting sensitive patient information, ensuring compliance with relevant cybersecurity and data protection requirements, and working closely with IT and business leadership to maintain secure and resilient operations.

Key Responsibilities

This role covers policy creation, risk oversight, compliance management, incident handling, vendor supervision, and team leadership. It also involves coordinating with an outsourced Security Operations Center (SOC) and ensuring cybersecurity practices remain aligned with regulatory and organizational expectations.

Governance, Risk, and Compliance

  • Create, update, and maintain information security, privacy, and data protection policies, procedures, and standards.
  • Align internal controls with recognized frameworks and regulations such as CIS, NIST, NCA requirements, and KSA’s Personal Data Protection Law (PDPL).
  • Run organization-wide risk assessments, maintain a risk register, and track mitigation actions through to closure.
  • Conduct Data Protection Impact Assessments (DPIAs) for activities involving personal or sensitive data.
  • Perform regular compliance checks and audits to identify gaps and recommend corrective actions.

Security Operations and Incident Management

  • Oversee the performance of the outsourced SOC from the organization’s standpoint, including monitoring service levels and incident handling quality.
  • Review SOC KPIs and work with the provider to ensure alignment with business and compliance needs.
  • Lead the planning and execution of cybersecurity and data breach response activities.
  • Ensure incidents are investigated, contained, and reported within required regulatory timelines.
  • Translate lessons learned from incidents into improved controls and risk treatment plans.

Advisory, Training, and Stakeholder Management

  • Act as a trusted security advisor to senior management, IT leadership, and the risk committee.
  • Provide regular updates on risk posture, mitigation progress, and emerging threats.
  • Design and deliver security awareness and compliance training for employees and relevant stakeholders.
  • Support decision-making by integrating operational security findings into broader governance and risk discussions.

Third-Party and Team Leadership

  • Assess and monitor third-party vendors, data processors, and partners to verify cybersecurity and privacy compliance.
  • Work closely with internal IT and business teams to improve the organization’s security posture.
  • Lead, coach, and develop the internal information security team.
  • Coordinate team efforts with the outsourced SOC to ensure effective execution of security responsibilities.

Education and Experience

A bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Business Administration, or a related discipline is required. A master’s degree in Cybersecurity, Information Security, or Risk Management is considered an advantage.

The ideal candidate should bring at least 7 years of experience in information security or cybersecurity operations, including a minimum of 3 years in a managerial, supervisory, or advisory position focused on governance, risk, and compliance. Experience working with or overseeing an outsourced SOC is preferred.

Knowledge and Technical Background

Strong knowledge of cybersecurity frameworks such as CIS, NIST, ISO 27001, and National Cybersecurity Authority (NCA) controls is needed. The role also requires familiarity with KSA’s PDPL, international privacy regulations such as GDPR and HIPAA, and the regulatory environment involving SDAIA and NCA. Understanding of risk management practices, IT service management concepts, and operational security tools is also important.

Professional Certifications

CompTIA Security+ and ISC2 Certified in Cybersecurity (CC) are mandatory. Certifications such as CISM or CISSP are preferred. Additional valuable credentials include ISO 27001 Lead Auditor or Lead Implementer, CRISC, ITIL Foundation, CEH, and CompTIA Security+ for technical depth.

Additional Information

This position is based in Jeddah, Makkah, Saudi Arabia, and is a full-time on-site role. The job posting does not specify salary, perks, number of openings, or start date.
