Head of Cybersecurity (KSA National)

Our Culture:

At Hulool Zaintech for Information Technology we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the Hulool Zaintech family.

Our Code of Conduct

At Hulool Zaintech for Information Technology we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

The Head of Cybersecurity directs cybersecurity work within an organization, establishes vision and direction for its cybersecurity and related strategies, resources and activities and advises the leadership on the effective management of the organization’s cyber risks 

Duties and Responsibilities:

• Effectively communicate financial aspects of cybersecurity related activities to senior management. 
• Collaborate with stakeholders to ensure business continuity and disaster recovery programs meet organizational requirements. 
• Effectively manage vulnerability remediation 
• Supervise and effectively assign work to staff working on cybersecurity related tasks. 
• Allocate resources to cybersecurity roles. 
• Promote awareness of cyber policy and strategy as appropriate among the organization's management. 
• Work with stakeholders to develop cybersecurity policies and associated documentation in alignment with the organization's cybersecurity strategy. 
• Align the organization's cybersecurity strategy with its business strategy 
• Carry out a cybersecurity risk assessment 
• Work with others on policies, processes and procedures relating to cybersecurity and privacy. 
• Ensure that appropriate controls are in place to effectively mitigate risk and address privacy concerns during a risk assessment process.  
• Work with others to implement and maintain a cybersecurity risk management program 
• Ensure sound principles are reflected in the organization's mission, vision and goals 
• Obtain resources to develop and implement effective processes to meet strategic cybersecurity goals.  
• Understand and communicate an organization's cybersecurity status during legal and regulatory scrutiny. 
• Promote and demonstrate the value of cybersecurity to stakeholders within an organization. 
• Communicate effectively with third parties in the event of a cybersecurity incident. 
• Review the effectiveness of the organization's cybersecurity controls against its strategic goals. 
• Manage the regular review and maintenance of the organization's cybersecurity policy and associated documentation. 
•  Ensure that appropriate actions are taken to mitigate the risk in the event of a cybersecurity incident. 
• Advocate cybersecurity related topics with senior management, to ensure the organization's strategic goals include cybersecurity. 
• Ensure that organizational cybersecurity strategy is effectively addressed by cybersecurity policies and related documents. 
• Ensure cybersecurity requirements of all information technology systems are determined. 
• Develop and maintain appropriate cybersecurity policies and related documentation to ensure the organization's critical infrastructure is appropriately protected. 
• Collaborate with stakeholders in the organization and with third parties when identifying future cybersecurity strategy requirements. 
• Identify and recruit appropriately skilled resources to address cybersecurity activities within the organization. 
• Attend and present at international cybersecurity events. 
• Obtain relevant resource to implement and maintain the cybersecurity aspects of an effective business continuity plan. 
• Develop and maintain a cybersecurity strategy that aligns to the organization's business strategy. 
• Ensure that cybersecurity requirements for IT are aligned with the organization’s cybersecurity strategy. 
• Manage financial aspects of cybersecurity, including budgeting and resourcing.  

Knowledge

• Knowledge of network components, their operation and appropriate network security controls and methods. 

• Knowledge and understanding of risk assessment, mitigation and management methods.  

• Knowledge of relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy. 

• Knowledge of the principles of cybersecurity and privacy. 

• Knowledge of cybersecurity related threats and vulnerabilities. 

• Knowledge of the likely operational impact on an organization of cybersecurity breaches. 

• Knowledge of vulnerabilities in applications and their likely impact. 

• Knowledge of cybersecurity aspects of business continuity and disaster recovery planning and including testing. 

• Knowledge of system and application security threats and vulnerabilities. 

• Knowledge of security system design tools, methods and techniques. 

• Knowledge of the components of a network attack and their relationship to threats and vulnerabilities. 

• Knowledge of best practices for supply chain risk management. 

• Knowledge of the national cybersecurity regulations and requirements relevant to the organization. 

• Knowledge of cybersecurity threats, risks and issues posed by new technologies and malicious actors. 

• Knowledge of the organization's risk management processes. 

• Knowledge of cybersecurity best practices for IT supply chain management. 

• Knowledge of critical information systems that were designed with limited technical cybersecurity controls. 

• Knowledge of potential vulnerabilities in all network equipment and how it is used 

• Knowledge of cybersecurity vulnerabilities across a range of industry standard technologies. 

• Knowledge of penetration testing and red teaming principles, tools and techniques 

• Knowledge of public sources detailing common application security risks and mitigations. 

• Knowledge of how capture the flag and other cybersecurity related exercises and competitions can assist in improving practical skills.

Skills

• Skill in determining the normal operational state for security systems and how that state is affected by change. 

• Skill in effectively communicating with all levels of staff. 

• Skill in identifying new cybersecurity threats in a timely manner. 

• Skill in developing policies which reflect the organization's business and cybersecurity strategic objectives. 

• Skill in evaluating the viability and legitimacy of suppliers and products.  

• Skill in continually identifying new technologies and their potential impact on cybersecurity requirements.  

• Skill in using critical thinking to recognize organizational challenges and relationships. 

Abilities

• Ability to demonstrate critical comprehension of documentation. 

• Ability to use experience to understand poorly written policies. 

• Ability to understand and relate legislative, regulatory and contractual requirements to the cybersecurity objectives of the organization. 

• Ability to communicate technical and planning information at the same level as a stakeholder's understanding.  

• Ability to apply critical thinking. 

• Ability to effectively and efficiently prioritize cybersecurity resources. 

• Ability to align business and security strategies for the benefit of the organization. 

•  Ability to recognize organizational challenges from a business, management and technological perspective.  

• Ability to relate basic cybersecurity concepts to the impact they may have on an organization. 

• Ability to apply the organization's chosen framework for describing, analyzing and documenting its IT architecture.  

• Ability to employ best practice when implementing cybersecurity controls within a system 
• Ability to develop strategy, policy and related documentation to support business strategy and maintain compliance with legislative, regulatory and contractual obligations.