Tamheer - Specialist of Information Security

This role is conducted within the vision, mission, and strategic plan of the Insurance Authority The Information Security safeguards Authority information assets by executing governance, risk, and compliance processes that keep cyber controls effective and auditable Reporting to the Manager of Information Security, the role maintains risk registers, policy artefacts, and evidence repositories that prove continuous adherence to statutory and certification mandates The Specialist strengthens security posture by triaging low-severity alerts, coordinating incident records, and surfacing remediation priorities to senior specialists and asset owners The position also executes vendor due-diligence, facilitates audits, and orchestrates impactful awareness activities that embed compliant behavior across the workforce.

• Execute scheduled control-testing checklists and update the GRC platform with evidence, observations, and remediation status.
• Maintain the central risk register by logging new risks, updating treatment plans, and preparing weekly summary extracts for the Manager of Information Security.
• Track outstanding compliance actions arising from internal and external audits, follow up with asset owners, and escalate overdue items.
• Administer the lifecycle of information-security policies, standards, and procedures by version-controlling documents, publishing approved updates, and archiving superseded material.
• Prepare draft policy deviation forms and collate supporting rationale, ensuring complete packages are available for managerial review and approval.
• Review low-severity alerts in the SIEM dashboard, conduct initial triage using predefined playbooks, and escalate confirmed incidents to the Senior Specialist team.
• Document post-incident reports by collecting logs, screenshots, and stakeholder statements to support root-cause analysis and lessons-learned sessions.
• Coordinate quarterly phishing-simulation campaigns by uploading target lists, scheduling launches, and compiling performance metrics for circulation.
• Maintain attendance records for instructor-led security trainings and prepare compliance attestations for employees and contractors.
• Compile predefined due-diligence questionnaires for new vendors, verify submitted evidence against baseline requirements, and flag gaps for remediation.
• Support external auditors by assembling requested artefacts, arranging interview sessions with process owners, and recording auditor feedback for internal action tracking.
• Perform other job duties as assigned.

• Bachelor’s Degree in Information Technology, Cybersecurity, Business Administration, Law, Finance or a related field

• Relevant professional certification (eg, CISSP, CISM, CEH, CompTIP Security+, GIAC) is required

• A Bachelor’s degree is required

(A1-A2: Basic, B1-B2: Intermediate, C1-C2: Fluent)

• English (C1), Arabic (C2)

• Ethics & Integrity (Beginner)
• Effective Communication (Beginner)
• Collaboration & Horizontality (Beginner)
• Personal Competence (Beginner)
• Analysis and Problem Solving (Beginner)
• Information Security Management (Beginner)