Cybersecurity Architect


Position description

We are seeking a Cybersecurity Architect to join the IT Cybersecurity GRC Division of the Information Protection Department/IT.

The IT Cybersecurity GRC Division is responsible for cybersecurity governance, risk, and compliance duties within the Information Technology admin area. These duties include: developing cybersecurity strategies, developing and maintaining the cybersecurity architecture, developing and maintaining the cybersecurity technology roadmap, conducting risk assessments, identifying proper controls to mitigate the risks, managing the risk register, developing cybersecurity standards, developing and managing security metrics, and conducting compliance assessments.

The Cybersecurity Architect’s primary role is to develop the cybersecurity strategy, architecture, and technology roadmap. In addition, the architect conducts technical risk assessments, evaluates and recommends proper mitigation controls, and liaises with management at various levels to present the status of cybersecurity risks. The role also includes mentoring junior employees in the field.


Minimum requirements

As the successful candidate, you will hold a Bachelor’s degree in Computer Science, Management Information Systems (MIS), or Information Technology, from a recognized and approved program. An advanced degree is preferred.

You will have eight to ten years of experience in cybersecurity, including at least five in cybersecurity architecture. You must be well-versed in cybersecurity frameworks such as NIST CSF, modern cybersecurity architectures such as Zero Trust Architecture, enterprise security architecture frameworks such as SABSA, and risk management frameworks such as ISACA Risk IT, ISO 27005 or others. You must have a solid technical background in networking, network security, virtualization technologies, and network segmentation (such as SDN or NFV). You should have good knowledge of cloud cybersecurity technologies and services. Experience in penetration testing and vulnerability assessment is preferred.

You are expected to have excellent communication and presentation skills so that you can present the status of cybersecurity, risks, and compliance to management at various levels. In addition, you should have very effective technical writing skills so that you can develop a cybersecurity technology roadmap and risk assessment reports.

At least one of the following industry-leading certifications is required: SABSA Chartered Security Architect (SCF or above), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), or GIAC Certified in Strategic Planning, Policy & Leadership (GSTRT). Holding more than one of these certifications is preferred.


Duties & responsibilities

You will be required to perform the following:

  • Define, develop, and maintain cybersecurity strategies.
  • Define, develop, and maintain the cybersecurity technology roadmap.
  • Define, develop, and maintain the cybersecurity architecture.
  • Conduct technical risk assessments for IT.
  • Identify cybersecurity controls to mitigate identified risks in the IT Risk Register.
  • Maintain an organization-wide risk register and risk database for IT.


How to apply

If you believe you meet the requirements for this role, please contact us with your CV and state AAS - “Job Title” in the subject. 

<< Jobs at Saudi Aramco