Job Description
Instant payments? Personal finance products? Faster loan/credit applications from more accurate credit history? Buy now, pay later? Crypto?
Did you know you’re likely to have used Open Banking in everyday life within the above products without even realising? Once held exclusively by banks, personal financial data is now available for startups and developers to create new financial services and tools to benefit end users!
Well, at TG we are enabling Open Banking in the MENA region, which is made up of over 550 million people! We are the first & largest Open Banking platform in MENA & already have a license in Bahrain, Saudi Arabia & Dubai, where regulators are requiring the banks to expose APIs.
Think how much of an impact you could have, being part of the product mission for that region…
At TG, we’re building a culture of continuous professional growth, excellence and building great relationships with colleagues along the way. We seek team players that have low ego but high ambition.
We are hiring an Information Security Manager to join the team. This role is the lead security role within the Saudi Arabia arm of the business and requires SAMA approval before a successful appointment. Experience and confident communication are of the utmost importance.
What you will be working on:
Maintain, communicate, audit, and improve the organisation’s ISO 27001 certified Information Security Management System.
Coordinate with the regulator on matters pertaining to cybersecurity threats, compliance with CSF etc.
Deliver risk-based cyber security solutions that address people, process, and technology including information security policies & processes.
Manage the cyber security activities.
Monitoring of the cyber security activities (SOC monitoring).
Monitoring of compliance with cyber security regulations, policies, standards, and procedures.
Overseeing the investigation of cyber security incidents & performing cyber security reviews.
Gathering and analysing threat intelligence from internal and external sources.
Measure and review performance metrics to monitor compliance with SAMA’s Cybersecurity Framework and associated policies, procedures, and controls.
Collaborate with clients, third parties, and regulators to complete effective due diligence processes demonstrating the maturity and effectiveness of the organisation’s policies and controls.
Evangelise security across the business by delivering security awareness training, campaigns and initiatives through third parties, phishing and ransomware assessments, and the use of effective internal communication tools to build a security focused culture.
Contribute to the organisation’s security incident response programme, responding to and recovering from any threats, including the evaluation and reporting of security incidents.
Advocate data privacy.
Perform data mapping and risk assessment in order to implement strong controls.
Align systems, policies, and procedures with these regulatory bodies and laws regarding data protection.
What we’re looking for?
For this role you will need:
Experience working in SAMA-regulated financial institutions.
At least 5 years’ experience working in the cybersecurity field.
Professional certifications and/or a master’s degree in cybersecurity.
A track record in information security roles and working across related projects end to end.
Experience implementing SAMA’s Cybersecurity Framework and achieving sufficient maturity levels.
Experience maintaining the risk management plan, actions, target dates and updating actions.
Experience implementing ISO 27001/2 controls across the business, as well as conducting regular audits.
Experience supporting the implementation of detective, preventative, and corrective security controls to embed the organisation’s security frameworks, policies, standards, and procedures effectively (SAMA, NIST, NCA etc).
Experience performing gap analysis and NIST maturity assessments.
Experience using productivity tooling e.g. Confluence, JIRA, Miro, Office 365, etc.
Experience using security tooling for regulatory reporting.
Knowledgeable across a range of areas of IT, especially endpoint protection, vulnerability management, cloud security, network security, operating system security, and benchmark reporting.
Knowledgeable of data protection and experience implementing and maintaining processes in line with government and regulatory requirements.
Bonus points for:
Experience working within cloud hosting environments, preferably AWS and OCI.
Experience with security incident response, digital forensics investigations and mock tabletop exercises. You may have dealt with a major security breach in the past.
Experience or involvement in the Open Banking/Financial Services/Banks/Payments/FinTech space.