Powered by Information Department Government of Sindh

Faysal Bank Ltd is seeking a highly skilled and experienced Chief Information Security Officer (CISO) to lead and oversee the cybersecurity strategy and risk management efforts of the organization. The CISO will be responsible for developing and implementing comprehensive security programs to protect the bank’s information assets and ensure compliance with regulatory requirements.

This critical leadership role requires a seasoned professional with at least 12 years of experience in cybersecurity, preferably within large organizations such as financial institutions, telecommunications, or technology firms. The CISO will manage a dedicated team of 16 security professionals and work closely with senior management to drive governance frameworks and risk mitigation strategies across the enterprise.

The ideal candidate will bring deep expertise in incident response, security awareness training, and the application of industry standards such as the NIST Cybersecurity Framework. They must demonstrate strong capabilities in performing risk assessments, developing risk mitigation plans, and leveraging tools such as Security Information and Event Management (SIEM), BowtieXP, and methods like Fault Tree Analysis and Monte Carlo Simulation. This role demands both strategic vision and operational excellence in managing information security controls and continuously enhancing the organization’s security posture to defend against evolving cyber threats.

Responsibilities

  • Develop, implement, and maintain the organization’s cybersecurity strategy aligned with business objectives and regulatory requirements.
  • Lead and manage a team of 16 security professionals, providing guidance, mentorship, and performance management to ensure operational efficiency and staff development.
  • Conduct comprehensive risk assessments to identify vulnerabilities, threats, and potential impacts, using frameworks such as COSO, ISO 31000, and the Risk Management Framework (RMF).
  • Design and enforce security governance frameworks that promote adherence to industry standards and best practices.
  • Oversee incident response planning and execution to promptly contain and remediate cybersecurity incidents, minimizing business disruption.
  • Implement and maintain Security Information and Event Management (SIEM) systems to continuously monitor and analyze security events across the organization.
  • Develop and deliver security awareness training programs to educate employees on cybersecurity risks and promote a security-conscious culture.
  • Collaborate with internal stakeholders and external regulatory bodies to ensure ongoing compliance with relevant legal and regulatory obligations.
  • Utilize advanced risk mitigation tools such as BowtieXP and analytical methods including Fault Tree Analysis and Monte Carlo Simulation to predict and mitigate potential security risks.
  • Drive regular security control assessments to validate the effectiveness of security measures and recommend improvements where necessary.
  • Partner with the technology and business units to integrate security considerations into system design and business processes.
  • Report regularly to senior management and the board on the status of cybersecurity risks, incidents, compliance status, and risk mitigation activities.
  • Stay abreast of emerging cybersecurity trends, threats, and technologies to adapt strategies proactively and maintain a robust security posture.

Salary

Competitive

Monthly based

Location

Karachi Division, Pakistan, Pakistan

Job Overview
Job Posted:
1 month ago
Job Type
Pvt Job
Job Role
Chief Information Security Officer
Education
Bachelor's Degree
Experience
2 Years
Total Vacancies
1
Age requirement
17 Years - 45 Years
