Rawabi Holding Company:

Operating in Saudi Arabia and the Middle East for over 30 years as one of the leading industrial players in the region and has activities in construction & engineering, oil & gas, petrochemical, utilities, power & electrical, telecommunication & IT, trading, and manufacturing. RAWABI Holding Company comprises various subsidiaries and several associated companies.

Job Role:

The main purpose of this position is to establish the Information Security function within the group and also to plan, execute, and manage multi-faceted projects related to information security risk management, mitigation, response, compliance, control assurance, and user awareness. The position focus is developing and driving security strategies, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization

Responsibilities:

• Provides strategic direction and consultation on information security and compliance to align information security with business objectives and goals, protecting the integrity, confidentiality and availability of data.
• Reviews the appropriateness of Rawabi Holding IS policies and procedures for the information security governance program, and recommends, manages, and implements required changes to it.
• Provides objective evaluations of information security controls, mechanisms and goals in comparison to best practices.
• Anticipates and addresses potential information security risk/issues, identifies areas needing improvement and develops recommendations assisting functional manager with remediation plan development, tracking findings, progress monitoring, reporting, and escalation.
• Conducts Business impact analysis (BIA) to ensure information resources are adequately protected with proper security measures.
• Update, maintain and document information security controls and provide direct support to Rawabi Holding IT department and functional managers.
• Ensures information security policies, procedures, standards, and system configurations are documented and tracked.
• Ensures Rawabi Holding continuity (BCP) and disaster recovery (DR) plans are documented and maintained.
• Contributes to senior management reports on the impact, cost, and expectations of the enterprise disaster recovery plan.
• Ensures recovery drills are performed, analyzed and recommends changes to plan, as needed.
• Acts as primary support contact for the development of secure applications and processes and works with IT teams to ensure security is engaged in all projects.
• Work directly with internal and external parties to facilitate information security risk analysis and risk management processes and identify acceptable levels of residual risk.
• Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
• Minimize security threats by examining infrastructure and devices, identifying security flaws, and using control analysis to follow up with a prompt solution. In addition, modify permissions in software packages to prevent non-authorized use, as well as monitor firewalls and switches to prevent data loss, and identity theft.
• Manage Day to Day Security Operations including perimeter security, security monitoring, Data Loss Prevention, Vulnerability Assessment/Management, malware protection and other operational needs.
• Serves in an advisory role in application development and infrastructure projects to assess security requirements and controls and ensures that security controls are implemented as planned.
• Performs miscellaneous tasks as assigned by his/her direct manager

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
• Seven (7) or more years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years’ experience designing and deploying security solutions.
• Knowledge and/or experience with LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems
• In depth detailed knowledge of IP-based networking protocols, network management and operations, VPNs, and encryption with the ability to analyze and IP flow down to the packet level.
• Requires Security Certification(s) (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM).
• Strong analytical, communication and consulting skills with knowledge of Information Security and related technologies.
• Keep abreast of current security threats and stay current with security technology evolution.

All your personal information will be kept confidential.

P.O  Box 79800
Dammam-Alkhobar, 31952
Saudi Arabia