
Experience: 3-5 years
Salary: NOT
Location: Saudi Arabia
About Arib:
Arib is a Saudi fintech startup that operates in the Kingdom of Saudi Arabia. Having obtained a license from the Saudi Central Bank (SAMA), Arib aggregates financing options from various institutions on a single platform, allowing users to compare and select the financing option that best suits their needs. Arib was initially launched in late 2018 under the name syaaraat.com, focusing on digital brokerage for auto-leasing. While syaaraat.com is still operational, Arib has since expanded its services to include brokerage for other financial products, such as personal loans, mortgages, credit cards, and SME financing. Through its aggregated marketplace, Arib aims to simplify the process of finding and securing the right financing options for its customers across this broader suite of financial services.
Job Overview:
This role involves defining and revising the Arib security policy to align with ISO 2700x, SAMA CSF, and NCA standards. Key responsibilities include conducting risk assessments for projects, overseeing access control reviews, and serving as the focal point for audits. The position also supports the Information Security Awareness program and implements information classification and protection measures. Reporting security metrics and conducting gap assessments against NIST SP 800-53 and ISO 27001 are essential tasks. Proficiency in managing GRC tools for automating compliance and monitoring controls is required.
Key Responsibilities:
· Define, develop, apply, and revise the Arib security policy and procedures in compliance with ISO 2700x, SAMA CSF, and NCA.
· Conduct risk assessments for new or existing projects outside Egypt, adhering to national standards such as SAMA and NCA.
· Oversee the execution of the access control review plan to ensure access remains appropriate and is based on business need.
· Act as the focal point for audit missions.
· Oversee and support the Information Security Awareness program.
· Oversee the implementation of information classification and protection within the company.
· Report security metrics to management.
· Conduct gap assessments against NIST SP 800-53 and ISO 27001.
· Conduct third-party risk assessments by identifying and evaluating potential risks, or any possible change that may affect the customer environment, considering both threats and vulnerabilities as well as the third party's responsibility for implementing and maintaining its own cybersecurity controls to meet contractual obligations and industry standards. This includes measures such as access controls, data encryption, and incident response plans.
· Analyze diverse risks such as hardware failures, natural disasters, human error, and internal threats alongside cybersecurity concerns, and maintain a prioritized list of risks with their likelihood and potential impact on business objectives (financial loss, reputational damage, etc.).
· Evaluate risks and develop security standards, procedures, and controls to manage them.
· Implement processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing. Develop reporting metrics, dashboards, and evidence artifacts.
· Implement security controls, a risk assessment framework, and a program that align with regulatory requirements, ensuring documented and sustainable compliance that aligns with and advances College business objectives.
· Conduct compliance assessments of Arib security controls against national standards such as NCA and SAMA.
· Good experience in managing GRC tools such as Eramba or equivalent.
Job Qualifications:
· Bachelor's degree in Computer Science, Information Systems, Cyber Security, or an equivalent field is required.
· 2-5 years of experience in GRC or a related role.
· 1 year of experience with "SAMA" is a plus.
· Good knowledge of NCA regulations.
· Familiarity with GRC tools and technologies, such as Eramba or equivalent.
· Preference for holding at least one industry-relevant professional certification, such as:
· Certified Information Systems Security Professional (CISSP)
· Certified Information Systems Auditor (CISA)
· Certified Information Security Manager (CISM)
· ISO 27001 Lead Implementer