Cybersecurity Specialist
Job details
Department: Compliance
Employment Type: Full Time
Location: Riyadh - Lifera

Description

A career at Lifera is more than a job - Lifera's mission is to enable the Saudi National Biotech Strategy, help achieve biopharma resilience in Saudi Arabia, and establish Lifera as a leading global biopharma company. A career at Lifera is an opportunity to change the future, contribute to enabling Saudi Arabia's Vision 2030 and change lives.

Lifera is building a sustainable network of high-tech, end-to-end manufacturing assets and at-scale multiomics capacity to enable therapeutic discovery. Lifera aims to enable Saudi biopharma resilience through local manufacturing across priority essential and life-saving medicines, enable scientific discovery through multiomics, and ultimately to increase access to medicines and health for all. Career training and upskilling are key to what we offer employees. Lifera plans to train a few hundred individuals in specialized biopharma and genomics areas through 2029.

Qualified applicants will receive consideration for employment in alignment with the HR policies and procedures deployed at Lifera. Requests for reasonable accommodation can be made at any stage of the recruitment process.

Lifera offers employees a robust total rewards program which is thoughtfully designed to support our employees across multiple needs. We encourage you to apply and start a conversation with one of our recruiters.

Key Responsibilities

Cybersecurity Governance: Work with senior leadership to understand compliance gaps or requirements and technical needs, and translate them into policy statements. Lead the establishment and maintenance of security policies, baselines, standards, checklists, and processes for information security within the organization. Review and update cybersecurity policies, standards, and procedures to define expectations, roles, responsibilities, and acceptable behaviors related to information security across the business units and functions, aligned to organization objectives. Establish cybersecurity governance frameworks, committees, and reporting structures to facilitate decision-making and accountability.

Cybersecurity Compliance: Ensure compliance with data privacy and protection regulations by implementing appropriate safeguards, controls, and data management practices in accordance with NCA (National Cybersecurity Authority) frameworks and guidelines as well as standards set by the parent organization. Establish a data protection compliance program. Identify compliance gaps and recommend technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective manner. Conduct pre-go-live compliance checks for any new projects.

Cybersecurity Risk Assessment: Oversee cybersecurity risk assessments and vulnerability scans to identify potential compliance risks, security threats, and gaps in controls. Prioritize identified risks based on their significance, criticality, and potential impact on the organization's operations, reputation, and strategic objectives. Develop risk mitigation strategies, control frameworks, and remediation plans to address identified risks and vulnerabilities proactively. Ensure that risk assessment findings, methodologies, assumptions, and recommendations are properly documented in comprehensive risk assessment reports. Ensure that risk assessment activities align with regulatory requirements, industry standards, and compliance frameworks governing information security, privacy, and data protection. Conduct periodic phishing simulation exercises within the enterprise to assess cybersecurity compliance and risk.

Identity Governance: Define the digital identity strategy for employees of the organization. Ensure that identities are created, updated, and retired in accordance with organizational policies and procedures. Oversee the design of role-based access control (RBAC) mechanisms to define the roles and their access based on functions and responsibilities. Oversee the review process and remediation activities of excessive or inappropriate access privileges to reduce the risk of insider threats and data breaches.

Contract Reviews: Oversee the review of cybersecurity clauses in contracts to ensure vendors and service providers have implemented appropriate security controls, standards, and best practices to protect sensitive data and information assets. Ensure that contracts include provisions for data processing agreements and data protection impact assessments as required by privacy regulations. Evaluate contracts for provisions related to vendor security assessments, indemnification clauses, and liability limitations.

Security Awareness and Training: Develop and implement security awareness and training programs to educate employees on cybersecurity best practices and promote a culture of security awareness.

Cybersecurity Maintenance and Operations: Conduct cybersecurity risk assessments and vulnerability scanning on systems and assets. Prepare cybersecurity assessment and audit reports that identify technical and procedural findings. Correlate incident data to identify vulnerabilities and recommend effective remediation strategies. Collaborate with IT departments/staff to investigate and resolve any cyber risks. Conduct regular monitoring of cybersecurity implementation and testing practices. Assess and verify the efficiency of cybersecurity measures, including antivirus, firewall, and threat detection protocols. Implement all cybersecurity risk controls and applicable policies, standards, and best practices to protect IT systems, data, and technology assets.

Skills, Knowledge and Expertise

Educational qualifications:
Bachelor's degree in computer science, information technology, cybersecurity, or a related field required.
Professional certification such as CISSP, CISM, CGEIT, etc.

Experience:
4-5 years of experience in information security, including deep experience in information security governance and compliance.