Virtual CISO Consultant

Inbox Business Technologies is actively seeking a KSA National for the position of VCISO to support our dynamic team. This role requires a weekly onsite visit to the client’s location, along with limited hours of support each day. The Virtual CISO will play a critical role in developing, implementing, and managing information security strategies for our clients. With a deep understanding of cybersecurity frameworks and best practices, you will serve as a trusted advisor to organizations seeking to strengthen their cybersecurity posture.We are looking for a proactive and experienced professional who is passionate about cybersecurity and ready to make a significant impact across multiple client engagements.

Responsibilities

To assist with integrating security policies and protection strategies with IT systems, develop, and collaborate with key people within the business to create an IT security risk management program. This means working with senior management to ensure that IT/Cyber security policies are deployed, revised, sustained, and overseen effectively. Also, to assist with working on the Cybersecurity Framework published by the Saudi Central Bank.

1. Develop and implement a comprehensive cybersecurity strategy and roadmap to safeguard organizations' assets and data.

2. Outlining information security plans, guidelines, policies, and short-term strategies and setting goals and targets.

3. Assist with managing institution-wide information security governance processes.

4. Establish and enforce security policies, procedures, and best practices to ensure compliance with industry regulations and standards, primarily Saudi Central Bank and NCA.

5. Oversee ongoing efforts relating to different cybersecurity initiatives including but not limited to regulators' compliance activities, risk assessments, vulnerability management, cybersecurity incidents handling, and response.

6. Provide guidance and support to internal stakeholders on cybersecurity matters, including training and awareness programs.

7. Collaborate with cross-functional teams to integrate security controls into new and existing systems and applications.

8. Prepare and present regular reports on the status of cybersecurity initiatives, incidents, and compliance efforts to senior management.

9. When required, physical presence on-site (should not exceed 1-2 visits per month) while maintaining full availability and support remotely.

10. Stay current on emerging cybersecurity threats, technologies, and trends to proactively mitigate risks and enhance security posture.

11. Identifying and assisting with fixing vulnerabilities within existing security systems. 12. Performing penetration tests or working directly with penetration testers to assess potential security problems.

13. Developing organization-wide security measures.

14. Documenting known security breaches and vulnerabilities.

15. Providing feedback to the concerned to improve proposed or existing systems.

16. Conducting audits to determine security violations or vulnerabilities.

17. Assist with the implementation of the Saudi Central Bank framework roadmap.

18. Assist with ensuring that standards, processes, and procedures of the department reflect Saudi Central Bank cyber security requirements.

Requirements

• Bachelor's degree in information security, computer science, or a related field; a Master's degree is a plus.
• Proven 6 to 8 years of experience as a CISO or a senior security role in a professional services environment.
• Strong understanding of enterprise security frameworks and management standards (NIST, ISO, COBIT, etc.).
• Expertise in risk management, incident response, and compliance regulations.
• Exceptional communication and leadership skills to effectively engage with executive teams.
• Relevant certifications such as CISM, CISSP, or CRISC are highly advantageous.
• Proven ability to build and maintain strong relationships with diverse stakeholders.
• Extensive experience in developing and implementing security policies, procedures, and controls.