Virtual CISO Consultant

Summary

Join Inbox Business Technologies as a KSA National, Virtual Chief Information Security Officer (CISO) to develop, implement, and manage information security strategies for clients. The role requires a deep understanding of cybersecurity frameworks and best practices.

Requirements

• Bachelor's degree in information security, computer science, or a related field; a Master's degree is a plus
• Proven 6 to 8 years of experience as a CISO or a senior security role in a professional services environment
• Strong understanding of enterprise security frameworks and management standards (NIST, ISO, COBIT, etc.)
• Expertise in risk management, incident response, and compliance regulations
• Exceptional communication and leadership skills to effectively engage with executive teams
• Relevant certifications such as CISM, CISSP, or CRISC are highly advantageous
• Proven ability to build and maintain strong relationships with diverse stakeholders
• Extensive experience in developing and implementing security policies, procedures, and controls

Responsibilities

• To assist with integrating security policies and protection strategies with IT systems
• Develop, and collaborate with key people within the business to create an IT security risk management program
• Assist with working on the Cybersecurity Framework published by the Saudi Central Bank
• Develop and implement a comprehensive cybersecurity strategy and roadmap to safeguard organizations' assets and data
• Outlining information security plans, guidelines, policies, and short-term strategies and setting goals and targets
• Assist with managing institution-wide information security governance processes
• Establish and enforce security policies, procedures, and best practices to ensure compliance with industry regulations and standards
• Oversee ongoing efforts relating to different cybersecurity initiatives including but not limited to regulators' compliance activities, risk assessments, vulnerability management, cybersecurity incidents handling, and response
• Provide guidance and support to internal stakeholders on cybersecurity matters, including training and awareness programs
• Collaborate with cross-functional teams to integrate security controls into new and existing systems and applications
• Prepare and present regular reports on the status of cybersecurity initiatives, incidents, and compliance efforts to senior management
• When required, physical presence on-site (should not exceed 1-2 visits per month) while maintaining full availability and support remotely
• Stay current on emerging cybersecurity threats, technologies, and trends to proactively mitigate risks and enhance security posture
• Identifying and assisting with fixing vulnerabilities within existing security systems
• Performing penetration tests or working directly with penetration testers to assess potential security problems
• Developing organization-wide security measures
• Documenting known security breaches and vulnerabilities
• Providing feedback to the concerned to improve proposed or existing systems
• Conducting audits to determine security violations or vulnerabilities
• Assist with the implementation of the Saudi Central Bank framework roadmap
• Assist with ensuring that standards, processes, and procedures of the department reflect Saudi Central Bank cyber security requirements