Infra & Cyber Security Specialist

Overview

Fad International is a vertically integrated corporate firm that owns, manages, and executes its own innovative, trendy brands. Established with the launch of femi9 in 1999, Fad International is known for its two fashion brands, femi9 and Vivid Flair London. With the launch of thelevele.com, a fashion and beauty e-commerce website in the GCC, Fad International aims to provide its wide customer base with a convenient and customer-friendly online shopping experience. The company is owned by a Saudi award-winning entrepreneur. Role Description Own the reliability and security of our core IT environment (network, identity, endpoints, servers / cloud), while driving data protection practices across the company. Day-to-day scope covers infra / security operations, change governance, and privacy & data-governance work aligned to Saudi regulations. The role benefits from hands-on experience across public cloud, enterprise productivity, centralized logging / monitoring, and practical compliance operations. Responsibilities

Operate and harden infrastructure : routing / switching, segmentation, NGFW, VPN / remote access, Wi‑Fi; endpoint protection and patch cadence; backup / DR drills. Run SIEM / SOC workflows : onboard / normalize logs, tune detections, triage alerts, coordinate incident response, and document lessons learned. Manage identity & access : least privilege, privileged access with break‑glass, periodic access reviews, and disciplined joiner‑mover‑leaver processes. Lead vulnerability management end‑to‑end : scanning, prioritization, remediation with owners, verification, and reporting. Data Protection (Privacy) PDPL : maintain data inventories and flow maps; support privacy impact assessments where needed; enforce data minimization, encryption, retention, and secure disposal; prepare breach readiness and privacy‑by‑design in projects. Third‑party management : perform security / privacy due diligence for vendors / processors; review SoW / SLAs; track evidence for audits. Project & change governance and reporting : register CRs, prepare CAB / eCAB inputs, maintain RAID log, and publish a concise weekly status. Enablement : deliver security awareness sessions and publish practical SOPs / runbooks for repeatable operations. Qualifications

3–5 years in infrastructure and security operations within an enterprise environment (retail experience is a plus). Hands‑on across public cloud and enterprise productivity platforms; confident with centralized logging / monitoring and endpoint management. Solid fundamentals in IAM, network segmentation, VPN, and backup / DR practices; familiarity with DLP concepts and enforcement patterns. Practical experience aligning to KSA expectations ("NCA" national cybersecurity controls and "PDPL" data protection law) and ISO‑style controls; exposure to risk registers and audit readiness. Strong documentation, stakeholder communication, and project coordination (CRs / CAB, RAID, acceptance criteria). Bachelor’s in IT / CS or related field; relevant security / privacy training or certifications are a plus.

#J-18808-Ljbffr