Cybersecurity Infrastructure Governance VP

About the Job
The Cybersecurity Infrastructure Governance VP is responsible for leading and overseeing the governance of cloud cybersecurity infrastructure within the organization. This role ensures compliance with cloud security standards, technical configuration guidelines, and patch management. Additionally, the Head of Cloud Cybersecurity Infrastructure Governance oversees application security assurance and manages the cloud posture through Cloud Security Posture Management (CSPM) tools. This position plays a critical role in ensuring the security and compliance of the organization's cloud environment.

Responsibilities:

• Security Compliance:
  Develop and maintain a security strategy and roadmap that aligns with the organization's overall cybersecurity strategy and business objectives, covering Cloud, Network, 5G, IoT, IIoT, and AI. Develop, review, and enforce infrastructure security policies, standards, and procedures for secure cloud usage, data protection, access controls, encryption, and incident response. Collaborate with internal audit teams, external auditors, and regulatory authorities to demonstrate compliance and address audit findings.

• Technical Configuration Compliance:
  Review enterprise infrastructure architectures, configurations, and deployment models for alignment with industry best practices and defined security frameworks. Establish and maintain technical configuration standards for cloud infrastructure, ensuring adherence to security standards, and overseeing the tracking of changes throughout the IT asset lifecycle. Develop hardening measures to reduce the attack surface and mitigate common security vulnerabilities.

• Patch Management:
  Oversee the development and implementation of patch management processes for enterprise infrastructure, ensuring timely and effective patching of vulnerabilities. Ensure governance over patch management processes to identify, prioritize, test, and deploy security patches and updates across cloud platforms.

• Application Security Assurance:
  Oversee the implementation of application security controls and assurance processes in the cloud, including secure coding practices and vulnerability assessments. Define and promote secure coding standards and oversee teams performing static code analysis and dynamic application security testing.

• Cloud Security Posture Management (CSPM):
  Implement and manage Infrastructure Security Posture Management tools to continuously monitor and assess the security posture of the organization's infrastructure. Guide the team on utilizing automation tools and scripts to automate remediation actions and enforce security controls.

Minimum Qualifications:

• Bachelor’s or Master’s degree in computer science, information technology, cybersecurity, or a related field.
• At least 15 years of experience in cybersecurity with proven experience in cloud security governance, technical configuration, compliance, and incident response.
• At least 4-5 years of experience in leading Cloud Network, 5G, IoT, IIoT, and AI security for mid to large size organizations and proven experience in conducting cloud security assessments.
• Professional certifications in cloud security, such as CCSP (Certified Cloud Security Professional) or CCSK (Certificate of Cloud Security Knowledge), are highly desirable.

Company Overview
Aramco Digital is the digital and technology subsidiary of Saudi Aramco, committed to driving digital transformation and technological innovation across various sectors. The organization aims to create a thriving national digital ecosystem and spearhead AI and digital innovation worldwide.