Company: Al Suroor United Group (ASUG)
Location: Saudi Arabia
Department: IT / Digital Transformation
Reports To: Group General Manager / Executive Management
Job Summary
The IT & Cybersecurity Compliance Officer will be responsible for ensuring ASUG’s full compliance with Saudi Aramco Cybersecurity Compliance Certificate (CCC) requirements and other applicable Saudi cybersecurity regulations. The role will oversee IT security governance, manage audits, secure IT infrastructure, and ensure the company maintains readiness for third-party compliance assessments.
This role is critical to enabling ASUG’s participation in Aramco-related projects, vendor registrations, and strategic contracts.
Key Responsibilities
1. Saudi Aramco CCC Compliance Management
• Lead ASUG’s CCC certification and renewal process.
• Prepare and manage all documentation required for Aramco cybersecurity audits.Coordinate with approved Aramco cybersecurity audit firms.
• Conduct gap assessments against Aramco Third-Party Cybersecurity Standards.
• Ensure continuous compliance and readiness for inspections.
2. IT Governance & Risk Management
• Develop and implement cybersecurity policies aligned with Aramco requirements.
• Establish IT risk assessment frameworks across ASUG and its subsidiaries.
• Implement internal controls to safeguard company systems and data.
• Maintain evidence logs, compliance reports, and audit documentation.
3. Infrastructure & Systems Security
• Secure company networks, servers, cloud systems, and endpoints.
• Manage:
o Firewall configuration
o VPN & secure remote access
o Email security (Microsoft 365 / Exchange)
o Endpoint protection & EDR
• Implement backup, disaster recovery, and business continuity planning.
4. Regulatory & National Compliance
• Ensure compliance alignment with:
o Saudi Aramco CCC
o National Cybersecurity Authority (NCA) ECC (where applicable)
o ISO 27001 best practices
• Monitor updates in Saudi cybersecurity regulations.
5. Internal Awareness & Control
• Implement and enforce Acceptable Use Policy (AUP).
• Conduct cybersecurity awareness training for ASUG staff.
• Monitor and respond to security incidents.
• Ensure vendor and third-party IT security compliance where required.
Required Qualifications
• Bachelor’s degree in IT, Cybersecurity, or related field.
• 3–5+ years of experience in IT security and compliance.
• Direct experience handling Saudi Aramco CCC certification (mandatory).
• Experience working with Saudi-based organizations subject to regulatory compliance.
• Strong documentation and audit-handling capability.
Preferred Certifications
• ISO 27001 Lead Implementer / Lead Auditor
• CISSP
• CISM
• CEH
• CompTIA Security+
Technical Competencies
• Network & Firewall Security
• Microsoft 365 & Azure Security Controls
• Risk & Vulnerability Assessment Tools
• SIEM Monitoring
• Endpoint Detection & Response
• Backup & Disaster Recovery Systems
Behavioral Competencies
• High integrity and confidentiality
• Strong reporting and documentation skills
• Ability to coordinate with executive management
• Proactive risk identification
• Strong communication skills (English required; Arabic preferred)
Key Performance Indicators (KPIs)
• Successful CCC certification & renewal
• Zero major non-conformities during audits
• Timely closure of compliance gaps
• 100% cybersecurity documentation readiness
• Zero critical security incidents
- Transferable Iqama
- Willing to Transfer anytime
Send your updated CV to [email protected] and cc to [email protected]
NO CALLS allowed, automatic will be BLOCKED!