Cybersecurity Manager

The Job Summary

The Cybersecurity Manager is responsible for building and leading Petromin's cybersecurity function from the ground up while remaining a hands‑on technical leader. Because the cybersecurity team is new and lean, the manager will own strategy, governance, risk, compliance, security architecture, operations, incident response, awareness, vendor management and direct technical execution when required. The role is expected to use approved AI and automation tools to multiply output, reduce manual work and improve speed, quality and visibility across cybersecurity activities.

• Build and lead Petromin's cybersecurity function from the ground up, including roadmap, operating model, policies, standards, governance forums and reporting.
• Act as hands‑on technical lead for security architecture and core controls across identity, endpoints, networks, cloud, email, applications, branches and digital platforms.
• Own cybersecurity risk assessment, control gaps, remediation plans and prioritization with IT, Digital Transformation, operations and business leadership.
• Design and supervise security operations including SIEM / MSSP, alert monitoring, incident response playbooks, threat intelligence and vulnerability management.
• Personally handle high‑priority technical tasks, investigations, architecture reviews and escalations where team capacity or expertise is limited.
• Manage security incidents end‑to‑end, coordinate containment and recovery, lead post‑incident reviews and maintain crisis communication with management.
• Establish compliance and audit readiness, security policies, third‑party risk reviews, data protection controls and evidence for applicable Saudi and corporate requirements.
• Develop cybersecurity awareness, phishing exercises, executive briefings and practical guidance for employees and business units.
• Select, implement and manage security tools and external partners including MSSP, security vendors, auditors and consultants, ensuring value, SLAs and accountability.
• Build dashboards, KPIs, risk registers, management reports and budget recommendations for cybersecurity investments.
• Use approved AI and automation tools to multiply output, including alert summarization, threat research, vulnerability prioritization, policy / SOP drafts, reporting, workflow automation and scripts while controlling data exposure.
• Coach the Cybersecurity Specialist and future team members, create knowledge bases and ensure continuity through documentation and cross‑training.

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering or a related field. Master's degree preferred.

CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer / Lead Auditor, CCSP, AZ-500, SABSA, PMP or Agile certifications preferred.

5‑12 years in cybersecurity with at least 3 years leading security initiatives, vendors or teams. Must have hands‑on experience across security operations, architecture, GRC and incident response.

• Strong hands‑on technical depth across IAM, Microsoft security, endpoint, network, cloud, email, vulnerability management and security monitoring.
• Ability to build a cybersecurity function, roadmap, policies, KPIs, budgets and practical governance from scratch.
• Experience managing incidents, audits, third‑party risk, MSSP / vendors and executive reporting.
• Ability to use approved AI, automation, scripts and workflow tools to deliver more with a lean team.
• Strong business communication, decision‑making, confidentiality and stakeholder management skills.

English:
Professional

Arabic:
Preferred