Officer Cybersecurity Governance and Compliance

• This level requires Good knowledge of Cybersecurity Governance and information Security Compliance. This level also requires good knowledge of Cybersecurity policies, standards and guidelines. Knowledge of security exceptions, cyber security awareness, cyber security compliance program including PCI-DSS, SAMA CSF, Tadawul Member policy, ISO/IEC ‎27001:2013, NCA mandates, guidelines and policies are also required. This level is required to perform the assigned duties independently or with minimum guidance. The Job Description and accountabilities include


• Participate in understanding the enterprise objectives and work with higher levels to translate them in defining Cybersecurity strategy, objectives and initiative and track progress of the approved strategic objectives


• Work with the higher levels to understand compliance gaps or requirements, technical, regulatory and compliance needs and translate them to policy statements also participate in establishing and maintaining and review of security policies, processes, baselines standards and frameworks.


• Participate in the execution of bank-wide Cybersecurity awareness program and a customer focused IS awareness program with an objective to enhance the awareness level of BSF staff and customers.


• Participate in establishing and maintaining Cybersecurity KPI and metrics and for Management Reports on security posture.


• Participate in maintaining overall security remediation plans and managing Cybersecurity exceptions.


• Perform compliance assessments to ensure cyber security compliance with policies and regulatory requirements


• Responsible for identifying compliance gaps and to recommends, implements, and maintains technical and procedural controls to provide regulatory compliance.


• Responsible in tracking audit findings and recommendations to ensure that appropriate mitigation actions are taken and support necessary compliance activities


• Participate in managing critical information security compliance programs including PCI DSS, ISO ‎27001, SAMA CSF, NCA, CMA and others are required.


• Responsible for coordinating activities internal and external auditors including PCI QSA, ISO ‎27001 external auditor, and internal BSF audit division and with all B/Ls and support divisions.


• Participate in understanding and interpreting emerging and evolving security and privacy standards and framework and translate them to BSF compliance program

ا لمهارات

• A Bachelors preferably in Cybersecurity or IT / Computer Science or related discipline.


• Professional Certification(s), in related field


• ‎2-‎4 years of experience


• Cyber security Strategy, Policies, procedures baselines standards and information security regulations.


• Good knowledge of compliance assessments and knowledge of information security related business processes, and control objectives.


• Knowledge of information security standards, codes of practice and guidelines such as ‎27000:2005, the NIST Computer Security Division Special Publications and Federal Information Processing Standards.


• Sound understanding of generally accepted IT security and privacy audit procedures and standards. Excellent knowledge of information security concepts, methodologies and best/leading practices