JOB PURPOSE / ROLE:
Provide deep subject-matter expertise SIMAH's cybersecurity architecture and assurance function, ensuring that all technology systems, applications, and infrastructure are designed, deployed, and maintained securely in alignment with SIMAH's cybersecurity strategy, regulatory obligations, and industry best practices.
AREAS OF RESPONSIBILITY:
Strategic:
- Develop and direct the implementation of the Cybersecurity Architecture strategy ensuring alignment to SIMAH vision, mission, and corporate objectives.
Policies, Processes & Procedures
- Follows all relevant departmental policies, processes, standard operating procedures, and instructions so that work is carried out in a controlled and consistent manner.
Day- to-day operations:
- Plan, manage, and supervise both remote and onsite security testing across SIMAH's IT infrastructure to proactively detect configuration weaknesses, vulnerabilities, and design flaws.
- Ensure all acquired, developed, and implemented systems conform to SIMAH's cybersecurity architecture standards and regulatory frameworks, including SAMA CSF and NCA ECC requirements.
- Enhance application security assessment processes, including secure code reviews, vulnerability scanning, and penetration testing, ensuring alignment with recognized industry standards and SIMAH's internal methodology
- Collaborate with IT and relevant stakeholders to design and execute controlled offensive security exercises such as physical security tests, wireless network assessments, and social engineering campaigns (e.g., simulated phishing).
- Provide expert security reviews of application and infrastructure designs (covering web, mobile, APIs, and microservices) to validate adherence to secure architecture and design best practices.
- Define, review, and approve security requirements throughout the software development lifecycle (SDLC), ensuring that security artefacts, documentation, and controls are embedded from design to deployment.
- Monitor periodic security posture assessments of SIMAH's infrastructure, servers, databases, networks, and cloud environments, identifying risks, evaluating control effectiveness, and recommending mitigation strategies.
- Provide expert guidance in defining security architecture requirements for new initiatives, ensuring alignment with SIMAH's cybersecurity strategy, regulatory mandates, and technology roadmap.
- Drive maturity enhancement of the cybersecurity architecture and assurance practices by adopting new frameworks, tools, and methodologies to strengthen SIMAH's overall security resilience.
Continuous Improvement and Innovation
- Support in Overseeing the overall Cybersecurity Architecture activities within SIMAH and continuing the progress within the department.
- Assess periodically the employee relation processes and ensure the complete processes.
People Management
- Ensures subordinates have clear objectives, regular performance feedback sessions, formal annual appraisals, and individual development plans, with particular emphasis on the development of talented Saudi national staff.
Reporting
- Assists in the preparation of timely and accurate reports of SIMAH to meet company and department requirements, policies, and standards.
QUALIFICATIONS & EXPERIENCE:
Minimum Qualifications:
- Bachelor's degree in computer science, Cybersecurity, or a related discipline.
- Professional qualifications or certifications such as SABSA, CISSP, CISM, OSCP, or GIAC-GDSA are preferred.
Minimum Experience:
- 6-8 years of progressive experience in cybersecurity architecture, assurance, or offensive security roles.
Language:
SOFT SKILLS & TECHNICAL KNOWLEDGE AREAS:
- technology controls and emerging threats
- Risk and Control Self-Assessment
- Knowledge of security implementations and IT risks
- Knowledge of business continuity and disaster recovery
- Quality management
- Delegation abilities
- Compliance & Regulatory Requirements
- Analytical Ability
- Business Acumen
- Decision Making
- Critical Thinking skills
