
Information Security Manager

Job in Jeddah, Saudi Arabia
Listing for: My Clinic KSA
Full Time position
Listed on 2026-06-19
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 150000 - 200000 SAR Yearly
Job Description & How to Apply Below

Join My Clinic, the leading multispecialty outpatient care provider in Saudi Arabia, where our mission to help people live longer, healthier, and happier lives drives everything we do. Since 2017, we've been at the forefront of healthcare, combining innovation with a deep commitment to care, collaboration, ambition, and responsibility. As we continue to grow and reach new heights, we're looking for passionate individuals who share our vision and values.

Job Summary

The Information Security Manager leads My Clinic’s information and cybersecurity program, with a key focus on Governance, Risk, and Compliance (GRC) to ensure the protection of sensitive patient data and adherence to cybersecurity regulations, including CIS, NIST, and National Cybersecurity Authority (NCA) controls and standards. This role is responsible for developing and executing comprehensive security and risk management strategies, managing the information security team, and collaborating with IT and business leadership to safeguard sensitive data while maintaining operational integrity.

Primary Responsibilities
  • Governance and Policy Development:
    Develop, implement, and maintain comprehensive information security and data protection policies, procedures, and guidelines to ensure alignment with industry standards (e.g., CIS, NIST, NCA) and regulatory requirements, including KSA’s Personal Data Protection Law (PDPL).
  • Risk Management:
    Lead enterprise-wide risk assessments to identify, analyze, and prioritize cybersecurity and data protection risks. Develop and maintain a risk register, implement risk mitigation strategies, and monitor risk treatment plans to safeguard sensitive data and critical systems.
  • Security Operations Center (SOC) Oversight:
    Oversee the outsourced SOC operations from My Clinic’s perspective, ensuring the third-party SOC provider effectively monitors, detects, and responds to cybersecurity threats. Review and enforce key performance indicators (KPIs) for the SOC, evaluate incident handling processes, and collaborate with the provider to align SOC activities with My Clinic’s security objectives and compliance requirements.
  • Compliance Oversight:
    Ensure organizational compliance with relevant cybersecurity frameworks (CIS, NIST, NCA) and data protection regulations, including PDPL. Conduct regular compliance reviews to align with the requirements of regulatory bodies such as the Saudi Data and Artificial Intelligence Authority (SDAIA) and National Cybersecurity Authority (NCA) when necessary.
  • Data Protection Impact Assessments (DPIAs):
    Perform DPIAs to evaluate and mitigate risks associated with processing personal and sensitive data, ensuring adherence to data protection principles and regulatory obligations.
  • Incident Response and Management:
    Oversee the development and execution of incident response plans for cybersecurity and data breach incidents. Ensure timely investigation, mitigation, and reporting to relevant authorities within regulatory time frames, incorporating lessons learned into risk management processes and coordinating with the outsourced SOC provider.
  • Training and Awareness Programs:
    Design and deliver organization-wide training and awareness programs to foster a culture of cybersecurity, risk management, and data protection compliance among employees and stakeholders.
  • Third-Party Risk Management:
    Evaluate and monitor contracts with third-party vendors, data processors, and partners, including the outsourced providers, to ensure compliance with cybersecurity and data protection requirements, including PDPL and other relevant standards.
  • Auditing and Monitoring:
    Conduct regular audits of cybersecurity practices, data processing activities, and GRC controls to ensure ongoing compliance with internal policies and external regulations. Provide actionable recommendations to address identified gaps.
  • Advisory and Collaboration:
    Serve as a focal point for IT and business senior management, the risk committee, and IT leadership on cybersecurity risks, data protection strategies, and GRC initiatives. Maintain and update the risk register, providing regular reports on risk status, mitigation progress, and emerging threats…