Security & Data Protection Officer
* Riyadh , Riyadh Province , Saudi Arabia
Finance, Legal & Compliance*
Job description
Proudly voted a Great Place to Work®, we are a dynamic startup in the SaaS space that is revolutionising the way businesses communicate. Our team is made up of 500+ energetic and passionate Unifones who are dedicated to delivering the best possible experience to 5000+ customer-centric companies.
We pride ourselves on our fun and collaborative work environment, where creativity and new ideas are constantly encouraged. As shareholders in the business, we’re so much more than a group of passionate communicators. We are Unifones. Join our team and be a part of something big!
As a Security & Data Protection Officer, you will work with our growing team and work closely with other functions in developing and leading the data protection and cyber security capabilities.
Help us shape the future of communication by:
Maintaining security controls and policies within Unifonic.
Working with stakeholders across the organization to make sure regulatory needs are met.
Performing security reviews and gap analysis.
Maintaining risk registers and assisting in treating security risks.
Maintaining up-to-date knowledge of ISO standards, security threats, countermeasures, industry good practices, and assistive technologies.
Acting as the direct point of contact with the Competent Authority and implementing its decisions and instructions in relation to security and data protection.
Reporting directly on data privacy and security risk to executive management.
Supervising impact assessment procedures, audit, and control reporting related to cybersecurity and data protection requirements.
Notifying the Competent Authority of Personal Data Breach incidents.
Responding to requests from Data Subjects and address complaints filed
by them.
Monitoring and updating the records of personal data processing activities of
the Company.
Handling violations related to cybersecurity and personal data and taking corrective actions accordingly.
Providing advice; where requested, in relation to data protection impact assessments.
Job requirements
What you will bring:
Hands-on 3 - 5 years of full-time work experience in information security management and/or related functions (such as IT Audit and IT Risk Management).
Experience in privacy and security risk assessment and best practice mitigation including, hands-on experience in privacy assessments, privacy certifications/seals, and information security standards certifications.
Knowledge of data protection law and practices.
Knowledge in:+ Access, Authentication, and Authorization Management.
+ Disaster Recovery Planning and Data Backup for Information Systems and Services.
+ Electronic Data Disposal and Media Sanitization.
+ Encryption and Network Security.
+ Penetration testing, bounty programs, and audits.
In-depth knowledge of the requirements of standards and their practical applications in the IS environment in addition to multiple information security management frameworks.
Knowledge across multiple technical cyber security disciplines and ensuring they are compliant against Information Security principles.
Excellent ability to engage with different areas of the organization and translate technical concepts into business risks.
Ability to work closely with DevOps and Engineering teams for performing security tests including code, configurations, delivery pipelines, and 3rd party library validations.
Excellent analytical and problem-solving abilities to identify and fix security risks.
Excellent communication and presentation skills to build understanding and awareness of security issues throughout the organization.
Excellent team working skills to develop security solutions in collaboration with other information technology professionals.
Understanding of the available tools and technologies available to protect and monitor IS.
BSc or MSc in Information Security or related field.
Qualified ISO27001 Lead Auditor/Implementer.
Certified Information Security Manager (CISM).
Certified Information Security Auditor (CISA).
Certified Information Systems Security Professional (CISSP).
As a Unifone, you will receive a range of benefits:
Competitive salary and bonus.
Unifonic share scheme (we are all owners!).
30 holiday days after the first anniversary.
Spend up to 10 weeks per year working from anywhere in the world!
Paid leave for new parents.
LinkedIn Learning license.
Describe your experience helping organizations protect sensitive data in ways that steer clear of regulatory issues. I have no knowledge in privacy laws. Intermediate Level: "I'm moderately knowledgeable about PDPL and GDPR, with experience in implementing these regulations in projects." Advanced Level: "I have a detailed understanding of PDPL and GDPR, with hands-on experience in compliance, training, and data breaches management." Describe the top three cybersecurity threats that you assessed and managed during your work experience. *
