Requirement:
All Cybersecurity positions must be filled with full-time and experienced Saudi cybersecurity professionals.
Control Implementation Guidelines:
- Appoint full-time and highly qualified Saudi cybersecurity professionals to fill the following job roles and positions
- Head of the cybersecurity function, who is responsible for leading the cybersecurity operations within the organization, setting the vision and direction for cybersecurity, strategies, resources and related activities, and providing insights to the organization's leadership regarding effective cybersecurity risk management methods for the organization.
- Supervisory positions within the cybersecurity function (e.g., managers of departments and functions within the cybersecurity function as per the organizational structure and/or the cybersecurity function governance and operating model approved by the authorization official), and in case there is a vacancy for any supervisory position, an employee is to be assigned to run the operations of the function or department until the supervisory position is filled as per an approved timeline.
- Critical roles within the cybersecurity function that include responsibilities requiring confidentiality and integrity where if not performed as required, it would have negative impacts on the cybersecurity of the organization, its operations, and its systems while also considering the national laws and regulations related to nationalizing the cybersecurity positions within the organization, including direct or indirect employees and contractors (including, but not limited to, royal orders and decrees, orders issued by the Council of Ministers, and official circulars and regulatory orders issued by the National Cybersecurity Authority). The Saudi Cybersecurity Workforce Framework (SCyWF) can be utilized as reference regarding the job positions related to cybersecurity.
- Define the required academic qualifications and years of experience to serve as the head of the cybersecurity function and the supervisory and critical job roles and positions. For example, but not limited to
- Developing a job description of the head of the cybersecurity function position to include the minimum required number of years of experience and related fields, and the appropriate academic qualifications, and appropriate training and professional certificates in the cybersecurity and technical fields relying on The Saudi Cybersecurity Workforce Framework (SCyWF)
Expected Deliverables:
- A detailed list of all personnel (direct or indirect employees and contractors), whose work is related to cybersecurity, that includes names, nationality, contractual type, position titles, job roles, years of experience, academic and professional qualifications.
- Job descriptions of the head of the cybersecurity and the supervisory and critical positions related to cybersecurity relying on The Saudi Cybersecurity Workforce Framework (SCyWF)
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.