Job Description
SWATX is hiring a Security Control Effectiveness Advisor to evaluate, enhance, and promote the effectiveness of the organization's cybersecurity controls in alignment with strategic goals and regulatory requirements. This role emphasizes compliance with Saudi regulations, including the National Cybersecurity Authority (NCA) SCyWF framework. Saudi Nationals are preferred for this position.
Key Responsibilities:
Cybersecurity Control Review and Strategy Alignment:
- Review the effectiveness of cybersecurity controls to ensure alignment with organizational strategic goals.
- Assess the adequacy of access controls to ensure they meet internal policies and standards.
- Evaluate, implement, and monitor cybersecurity improvement actions as required by strategic priorities.
Cybersecurity Advocacy and Stakeholder Engagement:
- Promote the value of cybersecurity to stakeholders and advocate for the integration of cybersecurity into organizational goals.
- Provide expert guidance and insights on cybersecurity risks and posture to senior management.
- Influence senior leaders to prioritize cybersecurity within strategic planning and decision-making.
Policy and Program Development:
- Participate in the development or modification of cybersecurity program plans and requirements.
- Provide policy guidance to cybersecurity management, staff, and users, ensuring alignment with strategic and regulatory objectives.
- Evaluate the cybersecurity components of supplier selection and proposals, ensuring alignment with organizational policies.
Compliance and Implementation:
- Monitor and assess how well cybersecurity policies, principles, and practices are implemented within planning and management services.
- Conduct gap assessments against KSA regulations and international standards, including NCA ECC, CSCC, OTCC, CCC, TCC, OSMAC, DCC, and relevant ISO certifications.
- Provide thorough, pragmatic recommendations for addressing identified gaps.
Technical and Regulatory Expertise:
- Evaluate cybersecurity assessments, including:
  - Security architecture and configuration reviews.
  - Attack path simulations to identify vulnerabilities and risks.
- Ensure compliance with relevant NCA guidelines and implement necessary controls.
Required Qualifications:
Technical Skills and Knowledge Areas:
- Familiarity with all knowledge areas, skills, and abilities of the Cybersecurity Advisor job role as outlined in the NCA Saudi Cybersecurity Workforce Framework (SCyWF).
- Expertise in cybersecurity architecture, risk management, and program implementation.
- Proficiency in conducting thorough evaluations of cybersecurity controls against national and international standards.
Preferred Certifications:
Candidates with the following certifications will be highly regarded:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- CGEIT (Certified in the Governance of Enterprise IT)
- CRISC (Certified in Risk and Information Systems Control)
- ISO 27001 Senior Lead Implementer/Auditor or equivalent.