Information Security Manager

The Information Security Manager for the KSA Business Unit will be responsible for implementing Nextcare's security policies, procedures, and controls in alignment with KSA regulations and the company's regional security strategy. This role requires strong expertise in local cybersecurity laws, compliance frameworks, and risk management to ensure the protection of business-critical assets and data.

Key Responsibilities:

• Regulatory Compliance & Governance: Collaborate with the Compliance function to ensure adherence to KSA cybersecurity regulations.
• Policy Implementation: Enforce Nextcare's security policies and guidelines throughout the KSA business unit.
• Risk Management: Identify, assess, and mitigate security risks while ensuring appropriate controls protect sensitive information and IT infrastructure.
• Incident Response & Management: Lead security incident response efforts, including investigation, containment, and reporting to relevant authorities.
• Security Awareness & Training: Promote cybersecurity awareness and conduct training for employees within the business unit.
• Third-Party Risk Management: Evaluate and monitor security risks associated with vendors, partners, and third-party service providers.
• Collaboration & Reporting: Serve as the liaison between the KSA business unit and the regional security team, providing updates on security posture, incidents, and compliance.
• Security Operations & Monitoring: Oversee security operations, ensuring ongoing monitoring, threat detection, and vulnerability management.
• Technical Controls Management: Implement and manage security controls, including:
  • Antivirus & Endpoint Detection and Response (EDR)
  • Data Loss Prevention (DLP) & Proxy Solutions
  • Email Security & other controls
• Emerging Threats & Best Practices: Stay informed on the latest cybersecurity threats, trends, and industry best practices to enhance the organization's security measures.

Qualifications & Experience:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, CISA, or equivalent are highly preferred.
• Minimum of 7 years of experience in information security, with at least 3 years in a managerial role.
• Strong knowledge of KSA cybersecurity regulations, including NCA and SAMA frameworks.
• Experience in implementing and managing security controls, risk assessments, and incident response.
• Familiarity with international security standards (ISO 27001, NIST, etc.).
• Excellent leadership, communication, and stakeholder management skills.
• Ability to work effectively in a regional and multicultural environment.