IDB2860 - Senior Solution Security Specialist

Business Unit: Administration Complex
Division: Solution Delivery
Department: Information Management & Disruptive Technology
Country: Saudi Arabia
Location: Saudi Arabia - Jeddah
Closing date: 23-Sep-2022

Job Purpose:

  The Senior Solution Security Specialist is responsible for the security governance of IsDB’s business applications inline with the defined business and security strategy. Additionally, the Senior Solution Security Specialist works with the respective stakeholders on daily basis to ensure that risks have been mitigated and security regulatory requirements have been met.

Key Accountabilities:

  • Establish, operate, and maintain the security solution governance model based on the business requirements and best practice.
  • Ensure adherence to cybersecurity and IT governance policies and guidelines in collaboration with Security Operations
  • Guide the business and IMDT stakeholders to implement and maintain security controls as per IsDB security policies and regulatory requirements.  
  • Ensure that identified risks and audit findings are mitigated on the agreed timelines. Also, follow a risk based approach in day-to-day solution governance activities to ensure that security risks are proactively identified and closed.
  • Ensure that security due-diligence is performed on new initiatives, RFPs, projects and major solution changes and communicate the observations via agreed channels.
  • Participate in application change management process and ensure that risks identified and security requirements are established.
  • Ensure that IsDB’s security compliance requirements are identified on annual basis. Prepare plan for achieving security compliance and communicate it to all stakeholders
  • Work with internal and external auditors to ensure that required independent assessments have been conducted. Ensure that security attestations are submitted to regulatory institutions as per defined timelines.
  • Work as part of the CSIRT team in case of security events to ensure that incident is identified , contained and solutions/information are recovered in timely manner
  • Perform application security vulnerability management.
  • Consult with product teams in application security and introduce Application security improvements.
  • Maintain applications patch management security/risk assessments.
  • Ensures that the solutions securities for each product group comply with IsDB’s Enterprise security and governance to meet business requirements and promote reusability
  • Define and maintains solution-specific security procedures and guidelines for the solution development lifecycle stages in collaboration with the IT Governance team and reviews adherence on a periodic basis.
  • Anticipates security alerts, incidents and disasters and reduce their likelihood by determining the most effective way to protect IsDB’s applications, and data against possible security risks.
  • Contribute to the development of the IT strategy, enterprise architecture, standards, policies, procedures and budgets in relation to IT infrastructure and IT security infrastructure and services for HQ and Regional Hubs

Education and Experience:

Education:

  • Bachelor’s degree in Computer Science or Engineering or related field

 

Experience:

  • Minimum 8 years of experience in information and security operations, including 3+ years of experience managing Solution and Application security risk-based.  

 

Languages:

  • English(mandatory)
  • Arabic(preferred)
  • French (preferred) 

Skills and Necessary Knowledge:

  • Adopt the ability to execute work in an agile, innovative manner (DevOps), while also maintaining traditional project methodologies (such as waterfall when needed)
  • Experience in implementing security standards, network engineering/administration, operating system security and vulnerability assessment tools
  • CISSP or CISM or other relevant information security industry recognized certification
  • Good understanding of server & application systems, networks, firewalls, and load balancers
  • Prefer to have CEH (certificate of Ethical hacking )