Protection and Defense Director in Council Of Health Insurance الرياض السعودية

Website Council Of Health Insurance

This job listing is about Council Of Health Insurance in الرياض السعودية 2022 exclusively on

Job title

Protection and Defense Director

Job purpose

The job holder is responsible for overseeing Protection and Defense Department including Cybersecurity Projects & Architecture, Identity & Access Management, and Gaps Assessment, Incident Response and Threats Management to design and implement cybersecurity systems and networks, ensure the successful implementation of cybersecurity projects, manage individuals and CCHI identities and access to resources, evaluate security and detect potential vulnerabilities, and respond to cybersecurity incidents in order to protect systems and networks from cyber threats.


  • Develop cybersecurity risk management plans based on gaps identified in cybersecurity reviews
  • Develop the risk management framework and related documentation
  • Manage the development of secure configuration management processes and oversee implementation
  • Ensure that security requirements are included in procurement documents
  • Approve detailed functional specifications based on user needs and requirements that document the architecture development process
  • Oversee the development of enterprise architecture or system components required to meet operational needs and environmental factors
  • Approve security controls for information systems and networks and ensure appropriate documentation
  • Manage the design of cybersecurity management functions
  • Define appropriate availability levels for critical system functions and disaster recovery and continuity of operations requirements to deliver them
  • Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event
  • Ensure that acquired or developed systems and architectures are consistent with CCHI’s cybersecurity architecture guidelines
  • Manage the design of systems and solutions to support successful proofs-of-concept and pilot projects in emerging technology areas
  • Oversee cybersecurity projects ensuring alignment, on-time, and successful delivery against set KPIs
  • Work on reducing cybersecurity projects’ risks through proper planning and alignment
  • Manage the development of identity and access management strategy in line with CCHI standards and policies
  • Work with other teams to design, develop and provide identity access management solutions and address gaps during implementation
  • Manage cybersecurity functions (e.g., encryption, access control and identity management) to reduce exploitation opportunities
  • Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs
  • Manage accounts, network rights, and access to systems and equipment
  • Approve systems administration and management functionality for privileged access users
  • Establish continuous monitoring tools and technologies access control process and procedures and ensure it is managed adequately
  • Ensure that CCHI’s cybersecurity defense policies and configurations is in compliance with regulations and organizational directives
  • Maintain a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits
  • Oversee technical and non-technical risk and vulnerability assessments of organizational technology environments
  • Oversee authorized penetration testing of infrastructure and assets
  • Oversee required reviews, including reviews of defensive measures, according to CCHI policies
  • Enforce cost-effective security controls to mitigate risks identified through testing and review
  • Share security findings with management, leadership and TDT teams
  • Manage the development of penetration testing team processes
  • Manage the design of simulated attacks to reflect impact in the organization’s business and its users
  • Manage incident response tasks to support deployable incident response teams including forensic collection, intrusion correlation, tracking, threat analysis and system remediation
  • Employ defense-in-depth principles and practices in line with organizational policies
  • Monitor external data sources to keep understanding of currency of cybersecurity threats up to date and determine which security issues may have an impact on the organization
  • Work as a technical expert in support of law enforcement, explaining incident details and forensic analysis as required
  • Identify and select most effective sources of information to assist with incident investigation
  • Identify the principal threats to CCHI’s known vulnerabilities
  • Identify threat tactics and methodologies
  • Provide real-time cyber threat intelligence analysis and support during cybersecurity incidents and exercises
  • Manage the development of timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies)

Education, Certifications

  • Bachelor’s Degree in Information Systems or Computer Science or Cybersecurity or a related field
  • Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) or CompTIA Security+ or Systems Security Certified Practitioner (SSCP) or Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP) or GIAC Cyber Threat Intelligence (GCTI) or GIAC Defending Advanced Threats (GDAT) or Cybersecurity Audit Certificate (CAC) or any other equivalent certification is a must
  • Knowledge of security controls, engineering, and risks across all domains (infrastructure, endpoint, data protection, GRC, SOC, etc.)
  • Understanding of enterprise architecture fundamentals
  • Knowledge of common cybersecurity practices and controls; and preferably to be proficient in developing key performance indicators (KPIs), operational metrics and dashboards
  • Understanding of how to develop or implement IAM/PAM processes
  • Understanding of technologies like Open Source Intelligence (OSINT) collection tools and intelligence platforms (ex. Threat Connect, Eclectiq IQ, i2), security devices such as SIEM, IDS/IPS, HIDS/HIPS, anomaly detection, Firewall and Antivirus systems
  • English language level: Intermediate


  • 9+ years of relevant experience with at least 3 years of experience in a managerial role
  • Experience in security architecture development, documentation and review
  • Experience in consulting technical teams with solutioning
  • Experience in following methodologies and best practices for strategy planning and project management
  • Experience in IAM principles including access control, authorization, authentication and PAM
  • Experience in IAM and PAM technologies
  • Experience in security assessment tools (NMAP, Nessus, Metasploit, Netcat, etc.)
  • Experience in cybersecurity or computer network defense, especially in threat intelligence, incident response or malware analysis
  • Previous experience in government sector or regulatory bodies is a must

If you meet the job requirements, please apply here

or send your CV to [email protected] , make sure the job title is written in the email subject (Protection and Defense Director).

Company: Council Of Health Insurance

Vacancy Type: Full Time 

Job Location: الرياض السعودية

Application Deadline: N/A

Apply Here