Job Description :Establishes, manages, and maintains organizational structures, communications channels and strong working relationships with those responsible for information security including individuals within NFC and external information security players like SAMA, CITC, outsourcing firms, consulting firms, suppliers, and any other player. Creates a strategic information security plan with a vision for the future of information security at company.Performs and/or oversees the performance of periodic company's risk assessments that identify current and future security vulnerabilities, determines the level of risk that management has currently accepted, and identifies the best ways to reduce information security risks. Examines information security from a cross-organizational viewpoint including company's participation in extranets, electronic data interchange (EDI), ad-hoc Internet commerce relationships, and other new business structures, and makes related recommendations to protect company's information and information systems. Coordinates and directs the development, management approval, implementation, and declaration of objectives, goals, policies, standards, guidelines, and other requirement statements needed to support information security throughout the company. Initiates and manages special projects related to information security that may be needed to appropriately respond to ad-hoc and/or unexpected information security events. Develops action plans, schedules, budgets, status reports and other top management communications intended to improve the status of information security at company. Obtains top management approval and on-going support for all major information security initiatives at Company. Brings pressing information security vulnerabilities/risks to top management's attention so that immediate remedial action can be taken. Represents company and its information security related interests at industry standards committee meetings, technical conferences, SAMA and similar public or closed forums. Performs management and personnel administration functions associated with company's Information Security Department (coaches employees, hires and fires employees, disciplines employees, reviews employee performance, recommends salary increases and promotions, counsels employees, establishes employee task lists and schedules, trains staff, etc.). Attends to any other duties relevant to information security as assigned. Obtain no objection from SAMA to assign the CISO.