Information Security Manager

Job summary:

The information security manager for the KSA business unit will be responsible for implementing Nextcare's security policies, procedures, and controls in alignment with KSA regulations and the company's regional security strategy. The role requires strong expertise in local cybersecurity laws, compliance frameworks, and risk management, ensuring the protection of business-critical assets and data.

Key responsibilities:

• Regulatory compliance & governance: Work closely with the compliance function to ensure compliance with KSA cybersecurity regulations.
• Policy implementation: Ensure adherence to and enforcement of Nextcare's security policies and guidelines across the KSA business unit.
• Risk management: Identify, assess, and mitigate security risks, ensuring appropriate controls are in place to protect sensitive information and IT infrastructure.
• Incident response & management: Lead security incident response efforts, including investigation, containment, and reporting to relevant authorities.
• Security awareness & training: Promote cybersecurity awareness across the business unit and conduct training programs for employees.
• Third-party risk management: Assess and monitor security risks associated with vendors, partners, and third-party service providers.
• Collaboration & reporting: Act as the key liaison between the KSA business unit and the regional security team, providing reports on security posture, incidents, and compliance status.
• Security operations & monitoring: Oversee security operations, ensuring continuous monitoring, threat detection, and vulnerability management.
• Technical controls management: Implement and manage security controls, including:
  • Antivirus & endpoint detection and response (EDR): Solutions such as CrowdStrike and Kaspersky.
  • Data loss prevention (DLP) & proxy solutions: Forcepoint and similar technologies.
  • Email security & other controls: Ensure robust email security measures and other security controls are in place to protect business operations.
• Emerging threats & best practices: Stay updated on the latest cybersecurity threats, trends, and industry best practices to strengthen the organization's security posture.

Qualifications & experience:

• Bachelor's degree in information security, computer science, or a related field.
• Professional certifications such as CISSP, CISM, CISA, or equivalent are highly preferred.
• Minimum of 7 years of experience in information security, with at least 3 years in a managerial role.
• Strong knowledge of KSA cybersecurity regulations, including NCA and SAMA frameworks.
• Experience in implementing and managing security controls, risk assessments, and incident response.
• Familiarity with international security standards (ISO 27001, NIST, etc.).
• Excellent leadership, communication, and stakeholder management skills.
• Ability to work effectively in a regional and multicultural environment.