geidea

Cyber Security Governance & Compliance lead

Posted: 3 minutes ago

Job Description

Established in 2008, Geidea epitomises customer-focused empowerment and commercial success through continuous innovation. Geidea makes best-in-class digital payment solutions available for all by attracting and leveraging the best creative and entrepreneurial talent in the market. Our solutions give any business the chance to get ahead and reach for more, no matter their size or maturity. Our technology mirrors our people: Smart, Innovative & Forward Thinking.

www.geidea.net

To maintain competitive advantage as we grow, we are currently looking for a new Cyber Security Governance & Compliance lead.

Job purpose:

Assist in the implementation of governance, risk, and compliance programs and guidelines, drafting policies and procedures, and reporting to ensure smooth implementation of cybersecurity activities across all regions in Geidea.

Key accountabilities and decision ownership:

  • Assist in implementation of the Information Security Management System in compliance with SAMA CSF, PCI-DSS and ISO 27001 across the organization.
  • Assist in implementation of PCI DSS compliance.
  • Assist in drafting, maintaining, and enforcing policies, procedures, and controls in accordance with PCI DSS.
  • Coordinate and formulate detailed reports of ISMS internal reviews and periodic PCI DSS reviews.
  • Execute periodic activities as required for achieving compliance with PCI DSS/ISO 27001.
  • Coordinate and assist various teams in closing findings from the ISMS internal review report and PCI DSS gaps.
  • Assist and coordinate with various teams in annual external audits of PCI DSS.
  • Assist and support in achieving PCI DSS compliance for upcoming projects and various teams in IT.
  • Conduct organization-wide information security awareness training.
  • Assist in security incident response and RCA activities.
  • Implement the cybersecurity program in compliance with the CBE Cyber Security Framework, PCI-DSS and ISO 27001 across the organization.
  • Conduct a cyber security risk assessment.
  • Represent the cyber security function in the change management process.
  • Maintain an updated risk register.
  • Report on the progress and engagement of the cyber security GRC on a weekly basis.
  • Conduct cyber security third-party risk assessment.
  • Engage in the early stages of business projects to recommend cyber security controls.

Must have technical / professional qualifications:

  • 3-5 years of experience.
  • Bachelor’s degree in computer engineering, computer science, Information Technology or any related field.
  • Certifications:
      • ISO 27001 LA/LI
      • PCIP
      • CISA/CRISC/CISSP
      • CEH
      • ITIL Foundation
      • CompTIA Security+
      • Firewalls certifications
  • Experience in information security and application security controls.
  • Exposure to methodologies such as OWASP is preferred.
  • Sound experience in PCI-DSS, SAMA Cyber Security Framework, and NCA.
  • Knowledge and understanding of information security related risk assessment frameworks such as SAMA, OCTAVE, COBIT, ISO 27005, NIST 800-30 and CBE.
  • Ability to perform internal information security reviews and meet with external audits.
  • Sound understanding and knowledge of firewall rules, security architecture, infrastructure, and application hardening.
  • Sound experience in implementing ISMS, performing internal reviews, and drafting and enforcing policies in accordance with SAMA Cyber Security Framework, ISO 27001, PCI-DSS, CBE Cyber Security Framework or national regulators.
  • Exposure to the financial sector is preferred.

Our values guide how we think and act. They describe what we care about the most:

  • Customer first - It’s embedded in our design thinking and customer service approach
  • Open - Openness allows us to constantly improve and evolve
  • Real - No jargon and no excuses!
  • Bold - Constantly challenging ourselves and our way of thinking
  • Resilient - If we fail, we bounce back stronger than before
  • Collaborative - We know that we can achieve a lot more as a team

We are changing lives by constantly striving for a better solution.

Click apply below and become part of the Geidea story.
