Cybersecurity Section Head

Date: 13-Aug-2022

Location: SA

Company: Advanced Petrochemical Company

Brief Job Description:

  • Develops cybersecurity vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.
  • Works effectively with business units to facilitate cybersecurity risk assessment and risk management processes, and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite.
  • Develops and enhances an up-to-date information security management framework based on the following: (ISO 27001, ITIL V.4, ISA-62443, C2M2, National Institute of Standards and Technology (NIST) 800-53.)
  • Develops, socializes and coordinates approval and implementation of security policies.
  • Directs the creation of a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.
  • Engage with Line of Service stakeholders to assess security threats/vulnerabilities and manage business risk;
  • Collaborating with multiple stakeholders across functional and technical skillsets.
  • Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the cybersecurity, and reviews it with stakeholders at the executive levels.
  • Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
  • Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action.
  • Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.



  • Bachelor's Degree in IT major, Computer Science, Computer Engineering or any related field.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.



  • 10 years of experience in Cybersecurity GRC or equivalent field.
  • Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.
  • Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as: (NCA ECC, CSCC, CCC, OTCC)
  • Knowledge of common information security management frameworks, such as (ISO/IEC 27001, ITIL, NIST 800-53 and C2M2)


Skills & Competencies:

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
  • Excellent stakeholder management skills
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Project management skills: financial/budget management, scheduling and resource management
  • A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital