IT Security Manager

JOB SUMMARY

Highly experienced IT Security & Risk Management Manager to lead our fintech company’s cybersecurity strategy, risk management framework, and compliance initiatives.

As a regulated entity under the Central Bank of Oman, this role is crucial in ensuring regulatory compliance, protecting digital assets, and mitigating cyber threats.

The ideal candidate will provide strategic direction and report directly to the Board of Directors, ensuring transparency in security governance and risk exposure.

KEY RESPONSIBILITIES

• Develop and implement a comprehensive IT security and risk management strategy aligned with business objectives and regulatory requirements.
•  Oversee the identification, assessment, and mitigation of cybersecurity risks.
•  Establish policies, procedures, and security controls to safeguard digital assets, data, and infrastructure.
• Ensure compliance with Central Bank of Oman regulations (CSRF) and industry standards (e.g., ISO 27001, PCI DSS, GDPR, NIST, SOC 2).
•  Conduct regular security audits, vulnerability assessments, and penetration testing.
•  Ensure business continuity and disaster recovery plans are in place and regularly tested.
•   Oversee the security operations center (SOC) and incident response team.
•  Provide regular risk assessment reports and cybersecurity updates to the Board of Directors.
• Collaborate with IT, legal, and compliance teams to integrate security into all business processes.
• Lead vendor and third-party risk management programs.
• Foster a security-aware culture through training, awareness programs, and best practices.

REQUIRED SKILLS

•  Proven experience as an IT Security & Risk Management Manager in a regulated fintech or banking environment.
•  Strong understanding of Central Bank of Oman regulations, CBO’s Cyber Security Resilience Framework, cybersecurity frameworks, risk management methodologies, and compliance standards.
•  Expertise in network security, cloud security, identity and access management (IAM), and threat intelligence.
•  Experience leading security teams and managing large-scale security initiatives.
• Ability to communicate complex security risks and strategies to non-technical stakeholders, including the Board.
• Strong decision-making and crisis management skills.