Cybersecurity Manager

About the role

The Cybersecurity Manager will build and lead Petromin's cybersecurity function from the ground up, acting as both a strategic leader and a hands‑on technical expert. The role covers the full spectrum of security, from governance and risk to operations and incident response, leveraging AI and automation to enhance efficiency.

Key responsibilities

• Design and implement the cybersecurity roadmap, operating model, policies, standards, and governance forums.
• Provide technical leadership for security architecture across identity, endpoints, networks, cloud, email, applications, branches and digital platforms.
• Conduct risk assessments, identify control gaps, and drive remediation in partnership with IT, Digital Transformation and business units.
• Oversee security operations including SIEM/MSSP management, alert monitoring, incident‑response playbooks, threat intelligence and vulnerability management.
• Handle high‑priority technical tasks, investigations and escalations when team capacity is limited.
• Lead end‑to‑end incident management, containment, recovery and post‑incident reviews.
• Ensure compliance with Saudi and corporate regulations, manage third‑party risk and maintain audit readiness.
• Develop and deliver cybersecurity awareness programs, phishing exercises and executive briefings.
• Select, implement and manage security tools and external partners, ensuring SLA compliance and value.
• Create dashboards, KPIs, risk registers and budget recommendations for cybersecurity investments.
• Utilise approved AI and automation tools to streamline alert summarisation, threat research, vulnerability prioritisation, policy drafting and reporting.
• Coach the Cybersecurity Specialist and future team members, building knowledge bases and documentation.

Required profile

• Bachelor’s degree in Cybersecurity, IT, Computer Science, Engineering or related field; Master’s preferred.
• 5‑12 years of cybersecurity experience with at least 3 years leading security initiatives, vendors or teams.
• Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CCSP, AZ‑500, SABSA, PMP or Agile preferred.

Required skills

• Security Architecture
• Identity Management
• Endpoint Security
• Network Security
• Cloud Security
• Email and Application Security
• SIEM
• MSSP Management
• Incident Response
• Threat Intelligence
• Vulnerability Management
• AI Automation Tools