Tamara is the leading Buy Now, Pay Later provider in the MENA region. Our mission is to empower people to shop through an honest, transparent and inclusive financial solution. We provide a Buy Now, Pay Later solution for customers to pay with the ability to split their payments.
The company operates out of its HQ in Saudi Arabia and has offices across the UAE, Germany and Vietnam.
About the role
The Cyber Security Manager will ensure Tamara’s systems and infrastructure are protected from the ever-evolving cyber security threats. You will develop a detailed understanding of systems landscape, work with key external system partners, develop strategies and plans to mitigate risks, & lead the implementation of these plans. You will provide thought leadership and help guide Tamara’s cyber security maturity, to include the refinement of insourced and outsourced cyber support services, annual cyber budget requirements, cyber tool selection, cyber training, and cyber reporting.
What you will do
- Manage the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems
- Manage the analysis of business needs and establishes priorities for protection of critical systems and operational policies: this includes all applicable people, process, and technology considerations
- Establish and implement appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements
- Evaluate potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers
- Manage the information system vulnerability management program.
- Lead the cyber response to security events/incidents.
- Prioritize high risk threats, summarize the recommended actions, and alert the CEO and Leadership team
- Monitoring external developments that may impact overall risk profiles, including emerging threats, technological developments, regulatory changes, etc.
- Management, alignment, mapping, continuous improvement of internal security controls framework and control owner relationships.
- Provide security guidance for the organization to protect critical assets and data
- Lead Information Security planning processes to enhance a comprehensive Information Security program for the company.
- Provide guidance and counsel to management and other staff regarding all aspects of Information Security.
- Lead efforts to internally assess, evaluate and make recommendations regarding the adequacy of the security controls for the company's information and technology systems.
- Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
- Work with software development teams to integrate automated security testing mechanisms
- Interpret security tools and penetration testing results and describe issues and fixes to developers
- Build metrics to track security defects and automate collection of security information to derive metrics
- Enable automation of product security testing and find innovative ways to scale the security team
- Evaluation of new technologies, tools, and/or development techniques that impact security
- Contribute to education and awareness programs and advise staff at all levels on security issues, best practices, and vulnerabilities
- Perform technical risk analysis for corporate functional and technical areas relevant to information security.
- Assist with the management of of internal audits and regulatory examinations
- Oversee compliance with the organization's security policies and procedures among employees, contractors and other third parties, manage an information security incident response plan, and take corrective action as necessary.
- Oversee internal control systems, review internal network activity for unusual or inappropriate activity alongside other system access reports, to ensure that appropriate information access levels and security clearances are maintained.
What we are looking for
- A university degree and 7-10 years of experience analyzing network and systems design
- Certified Information Systems Security Professional (CISSP) designation or similar
- Ability to communicate effectively by getting the right message across to the right people at the right time on a regular basis
- Ability to take steps personally to ensure that mutual goals and performance targets are met within the appropriate timeframe
- Ability to work with others and work synergistically with fellow team-members
- Ability to plan, prioritize and organize work and schedules in all areas to meet requirements
- Ability to reach logical conclusions to situations by appropriately analyzing the situation. Balances the benefits, risks and consequences of actions
- Ability to assessing your ability to manage your time, and the effectiveness of your team to reach department objectives
- Ability to recognize and work towards a mutually agreeable solution when confronted with conflict
- Ability to think through possibilities and make sound decisions with appropriate degree of risk; knows when he / she has enough data to make an informed decision
- Ability to turn strategy into action, to see the big picture and use this ability productively Ability to decide what needs to be accomplished and design a plan to achieve the desired results