Chief Information Security Officer

JOB PURPOSE :

Drive the Information Technology (IT) and Operational Technology (OT) cybersecurity strategy development and implementation to protect the business from security threats and cyber-attacks. Oversee the Governance, Risk, and Compliance (GRC) with the Security Operations Center (SOC) to lead a program of continues improvements in response to changing security risks and threats to ensure that the organization’s intellectual, IT / OT assets and information are safeguarded against internal and external threats. Ensure SASREF is holding a robust cybersecurity program and is complying with regulatory cybersecurity requirements.

KEY ACCOUNTABILITIES :

• Assist in the development and drive for the achievement of the IT / OT Information Security mission and vision.
• Define, develop, and maintain an information Security Strategy that is aligned with SASREF objectives that covers all cybersecurity related assets and risks.
• Establish and maintain information security policies, procedures, and guidelines for implementing and safeguarding the company’s infrastructure while in alignment with the relevant legislation and industry standards.
• Implement and oversee the cybersecurity risk management program and risk registers for operational and strategic cybersecurity risks.
• Align the cybersecurity risk management program with the enterprise risk management program.
• Develop a regulatory compliance framework and register to be assessed and monitored.
• Ensure compliance with the changing laws and applicable regulations.
• Drive to achieve the yearly cybersecurity maturity KPIs targets for IT / OT by conducting gap assessments and regular monitoring.
• Brief senior management on the cybersecurity strategy, risks and compliance status for SASREF.
• Manage the cybersecurity committee meetings as the cybersecurity committee secretary.
• Define and implement the Third‑party cybersecurity risk management program through integration with the contracting cycles for evaluation.
• Oversee and drive the continues cybersecurity evaluations such as penetration tests, vulnerability scans, red team exercises, and compromise assessments. While monitoring the gaps and remediation actions until closure.
• Report cybersecurity incidents to the management and regulating entities while providing regular communication reports.
• Oversee cybersecurity incidents and high‑level security alerts until closure; ensure and recommend mitigating actions for avoiding recurrence.
• Act as the focal point of communication with National Cybersecurity Authority (NCA).
• Maintain the Information Security Management Systems (ISMS) to sustain the ISO27001 certification.
• Initiate, facilitate, and promote cybersecurity awareness program and ensure proper implementation of all its aspects including training, phishing, and consequence management.
• Ensure that incident response plans are in place, up‑to‑date and tested.
• Oversee infrastructure, network, system and application‑related technical and architectural changes and design decision to enhance the underlying infrastructure security and alignment with the Enterprise Architecture (EA).
• Oversee logical access management to SASREF assets through the Identity and Access management policy definition and compliance checks.
• Conduct periodic internal security assurance reviews / audits on the SASREF’s assets to monitor security compliance with information security policies and procedures, before the scheduled internal / shareholder / NCA / external audits.
• Manage and prepare for the external Information Security audits while monitoring and driving for the closure of all identified gaps.
• Utilize and manage the baseline compliance tools (Tripwire) in both IT and OT.
• Define, monitor and aim to achieve the cybersecurity Key Performance Indicators (KPIs) while communicating the KPIs with the cybersecurity committee and SASREF management.
• Ensure the business processes and work activities, relevant to position, are executed in compliance with SASREF policy, procedures and best practice to achieve the business objectives in a safe, efficient and cost effective manner.
• Plan and manage the department budget for the cybersecurity activities.
• Lead, motivate, develop and assess the assigned team to achieve business objectives and grow capability.

SAFETY :

Workplace (WPS) and Process (PSM) Safety :

Performance Indicators :

Cybersecurity :

QUALIFICATIONS & EXPERIENCE :

Qualification :

Experience :

SASREF values its people as they are its greatest asset. We shaped our compensation and benefits to provide wide variety of excellent and competitive packages to our diverse employees. We aim to Attract, Maintain, Engage & Retain our employees.

Post Dates :

Starting Date : 17-Nov-2025

End Date : 16-Dec-2025

Seniority level

Director

Employment type

Full‑time

Job function

Information Technology

Industries

Chemical Manufacturing and Oil and Gas

#J-18808-Ljbffr