Head of Security

Noon Riyadh, Saudi Arabia Posted: 02 May 2024

Financial

  • Salary unspecified
  • Zero income tax location

Accessibility

  • Hybrid

Requirements

  • Experience: Senior
  • English: Professional

Position

  • Job title: Head of Security Compliance
  • Department: Information Security
  • Location: KSA, Riyadh
  • Reporting to: Group Vice President of Information Security, CISO

About noon

noon is the region's leading consumer commerce platform. On December 12th, 2017, noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. noon is a work in progress; we’re six years in, but only 5% done. noon’s mission: Ring every doorbell, everyday.

Responsibilities

  • Manage and scale security risk, compliance, and data privacy programs by defining expectations, timelines, milestones, and success KPIs, and by driving accountability across stakeholder teams to ensure security objectives are met.
  • Develop and implement the data privacy framework and processes (e.g., TOM, policies & procedures, Consent Management, DSAR requests, Data Privacy incident management, etc.).
  • Own all aspects of the compliance requirements, including the management and implementation of the key controls of NCA ECC, SDAIA PDPL, and other regional regulations across our group of companies.
  • Establish metrics and regular reporting mechanisms for measuring compliance and security posture, and provide analysis to the Group CISO and senior management.
  • Conducting Information Security risk management activities, including information security risk assessment, vendor reviews, and remediation of identified gaps and issues.
  • Leading regional KSA security initiatives and serving as the main POC and escalation point for the regional security program in relation to process or project-related functions and operational support.
  • Overseeing the design and implementation of the Vendor Risk Assessment program and liaising with outside vendors/suppliers regarding security and compliance measures.
  • Effectively write and communicate audit, assessment or compliance results, findings, and recommendations to stakeholders while ensuring high-quality and proper documentation of project deliverables.
  • Manage security training and awareness programs and assist with building a culture of security awareness across the organization.
  • Responsible for monitoring compliance with information security policies and maintaining internal SLAs across the org.
  • Responsible for vendor management, including assisting with third-party penetration assessments and ensuring that findings are appropriately prioritized and resolved.
  • Develop and maintain security policies and compliance content, including security documentation, security FAQs

What you’ll need

  • A minimum of a bachelor's degree in Computer Science, or equivalent experience, and certifications such as CISM, ISO 27001 Lead Implementer, or CISSP.
  • Working experience in overall compliance, risk management, and data privacy.
  • Experience in interpretation and practical application of data privacy laws
  • At least 5 years of experience managing regulatory and compliance framework requirements (e.g., PCI DSS, SOC 2, ISO 27001, ISO 27701, GDPR, NCA ECC/NDMO/SDAIA data privacy framework).
  • Experience in Data Protection Impact Assessments.
  • Good understanding of regional security standards and regulations.
  • Experience driving projects end-to-end independently, including evaluating, defining, and improving end-to-end processes
  • Experience with information security in one or more of the following is preferred: application security, vulnerability management, penetration testing, and data protection implementation.

Who will excel?

‘noon isn’t for everyone. And that’s okay.’ This is one of our core operating principles. We're looking for resourceful doers. Thinkers who are both creative and analytical. Problem solvers who are enthusiastic about delivering results. Our ideal candidate will be comfortable in a fast-paced, multi-tasked, high-energy, and often ambiguous environment. If the above values resonate with you, then noon might be the place for you.

About Noon

Noon is a digital ecosystem of products and services that are built in the region. Our vision is to become the engine of efficiency and convenience for the people we serve. We will elevate the quality of life by inspiring people with what we built and how we built it. Starting in 2017, noon is now a digital ecosystem of products and services: noon.com, the region’s leading e-commerce platform and digital marketplace, offering incredible value across multiple categories with world-class service, delivering to customers in the Kingdom of Saudi Arabia, the United Arab Emirates, and Egypt.