Senior Consultant Cybersecurity-Arabic Speaker

<div><ul><li>Conduct comprehensive cybersecurity maturity assessments across organizational systems and processes, with a focus on aligning with the Capability Maturity Model Integration (CMMI).</li><li>Perform evaluations that measure the maturity of existing cybersecurity practices, identifying areas of strength and opportunities for improvement.</li><li>Experience in compliance with relevant regulations, standards, and best practices, including but not limited to:</li><li>All KSA National Cybersecurity Authority (NCA) regulations</li><li>ISO 27001 (Information Security Management)</li><li>Provide detailed, actionable recommendations to address identified gaps during assessments, focusing on improving cybersecurity practices.</li><li>Develop a clear, strategic roadmap outlining short-term, mid-term, and long-term actions needed to close gaps and achieve maturity goals.</li><li>Prepare comprehensive reports on assessment findings, compliance status, and risk mitigation strategies, presenting them to senior leadership and relevant stakeholders.</li><li>Serve as a subject matter expert on cybersecurity, advising organizations on compliance and best practices.</li><li>Assist members of the Governance, Risk, and Compliance team to answer technical inquiries from auditors and clients.</li><li>Recommend emerging security technologies/tools to address current and future threats.</li><li>Interact and handle vendors, outsourcers, and contractors regarding security products and services.</li><li>Conduct performance and efficacy testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted.</li><li>Serve as a trusted advisor, collaborating closely with clients to understand their unique challenges and providing expert guidance on cybersecurity and risk management.</li><li>Manage end-to-end delivery of client engagements, from scoping through execution.</li><li>Assist clients in developing / enhancing their cybersecurity strategies and multi-year implementation roadmaps, in alignment with their risk landscape.</li><li>Provide support in the design and implementation of cybersecurity governance frameworks and policies.</li><li>Conduct comprehensive risk assessments to identify and prioritize cyber risks and develop risk management strategies to mitigate risks effectively.</li></ul><p><b>Understanding and experience is preferable but not mandatory.</b></p><ul><li>Understanding of Security Configuration Review: Conduct in-depth security configuration reviews for firewalls, routers, switches, servers, and other security devices.</li><li>Review and assess firewall rulesets, identifying redundant, outdated, or overly permissive rules, and recommend necessary optimizations.</li><li>Ensure that firewall configurations follow the principle of least privilege and are aligned with security best practices.</li><li>Understanding of File Integrity Monitoring (FIM): Experience in deploying FIM solutions and monitoring changes in critical system files, directories, and configurations.</li><li>Experience in continuous monitoring of file changes and generating alerts for unauthorized modifications.</li><li>Analyze and report on FIM alerts, working with clients to remediate suspicious activity.</li><li>Provide recommendations for improving FIM configurations based on threat landscape and compliance requirements.</li><li>Integrate FIM with security operations tools such as SIEM to enhance visibility and threat detection.</li><li>Antimalware: Assess client environments to recommend the best-fit antivirus and anti-malware solutions.</li><li>Implement and configure antivirus/anti-malware software across endpoints, servers, and network devices.</li><li>Monitor and maintain antivirus solutions, ensuring timely signature updates, patches, and upgrades.</li><li>Integrate antivirus systems with SIEM and other security tools to enhance threat detection and response capabilities.</li><li>Develop strategies for malware incident response, including investigation, containment, and remediation.</li><li>Understanding of Web Proxy: Deploy, configure, and maintain web proxy solutions to filter and monitor client internet traffic, ensuring compliance with internal and regulatory requirements.</li><li>Set up content filtering policies, block malicious websites, and protect against web-based threats like malware, ransomware, and phishing.</li><li>Monitor and analyze web traffic patterns to identify and respond to suspicious activities and security incidents.</li><li>Email Gateway: Configure, deploy, and manage secure email gateways (SEG) to prevent email-borne threats such as phishing, malware, and spam.</li><li>To ensure effective filtering of incoming and outgoing email traffic in compliance with cybersecurity best practices and client-specific security policies.</li><li>Design and deploy DLP policies and controls to prevent unauthorized data access, transfer, and leakage.</