Cyber Security Manager Prince Mohammad Bin Fahd University

Job Purpose

To oversee the University's cybersecurity operations, establishing a strong security posture through policies, architecture, and training. Responsibilities include selecting security solutions, conducting vulnerability audits, and collaborating with internal and external stakeholders to enhance enterprise security.

Duties and Responsibilities

Major Duties/ Responsibilities:

Develop digital information security policies, standards, and guidelines that meet business, technology, and legal requirements, aligning with best professional practices.

Assess threats to confidentiality, integrity, availability, accountability, and compliance; take ownership of security control reviews, business risk assessments, and reviews following significant security breaches.

Serve as the focal point for digital security expertise, providing authoritative advice on security controls, including legislative and regulatory requirements.

Manage the operation of appropriate security controls as a production service for business system users.

Deliver security components of enterprise architectures.

Protect information and systems by defining policies to ensure availability, integrity, authentication, confidentiality, and non-repudiation; restrict access to authorized individuals only.

Promote awareness of national and international laws regarding confidentiality, privacy, and copyright.

Develop strategies for information assurance as part of corporate digital governance, including guidelines for users.

Ensure architectural principles are applied during design to reduce risk and enhance assurance standards through rigorous security testing.

Define practical performance measures to monitor information assurance priorities set by the business.

Contribute to the development, implementation, and monitoring of policies and processes to maintain the availability, integrity, and confidentiality of the organization s information assets.

Advise on the suitability of design, tools, activities, and processes to mitigate cybersecurity risks; document findings and prioritize recommendations.

Job-Specific Skills:

Working experience in a Security Operations Center (SOC) or Network Operations Security Center (NOSC) environment.

Strong knowledge of information technology, including applications, networks, and systems.

Experience in performing IT Audit reports and Risk Assessments.

Familiarity with developing Business Continuity and Disaster Recovery Plans.

Proficient in using vulnerability assessment and penetration testing tools.

Knowledge of security attack techniques, including familiarity with the MITRE ATT&CK framework.

Proficient in MS Office, MS Visio, and project management tools.

Experience in project management, problem-solving, training/coaching, and conflict resolution.

General knowledge of ISO 27001, ITIL, or other control frameworks.

Experience in writing Standard Operating Procedures (SOPs).

Qualifications & Experience (Required)

• Education: Master s degree in Computer Science, Information Technology, or a related field.
• Experience: 8-10 years of progressively responsible roles in cybersecurity within enterprise environments.
• Certifications: Required CompTIA Security+, CEH, CCNA. Preferred CCNP, CISSP.
• Technical Experience: Proven hands-on experience with major cybersecurity tools, specifically Cisco ASA, WatchGuard, Juniper, and CheckPoint Firewalls.
• Compliance and Standards: Familiarity with regulatory frameworks (e.g., NCA standards) and implementation of cybersecurity best practices in enterprise environments.
• Vulnerability and Patch Management: Track record in managing and assessing vulnerabilities and applying patches as part of a structured security protocol.
• Incident Management: Experience in security incident response, including incident detection, response, and forensics.

Knowledge, Skills and Abilities (Required)

• Technical Proficiency: In-depth knowledge of network and web protocols, especially within Linux/Unix environments.
• Analytical Skills: Strong attention to detail with an analytical mindset for problem-solving and risk assessment.
• Security Practices: Proficient in managing access controls, encryption, network segmentation, and applying cybersecurity controls effectively.
• Communication: Strong written and verbal communication skills for clear reporting and documentation.
• Adaptability: Ability to stay updated with evolving cybersecurity trends, including threat intelligence and hacking techniques.
• Collaboration: Skilled in working with cross-functional teams and coordinating with other IT and security professionals.