Data Security Manager

About the company

HSBC Saudi Arabia delivers investment banking services to a wide range of corporate and institutional customers across private and public-sector organisations. Its client base includes listed and private companies, establishments, funds, government bodies, and family-owned businesses and offices.

Role overview

The Data Security Manager is accountable for shaping, rolling out, and monitoring information security practices within HSBC Saudi Arabia’s operations. The role also supports awareness around security threats and fraud, contributes to business continuity risk management, and handles data security responsibilities under SMART IT Segregation.

This position covers the full spectrum of information security risk, including data security, threat and incident management, business controls, third-party security, and technical security. It requires strong hands-on technical knowledge, a practical understanding of security controls, and the ability to work closely with business and IT stakeholders.

Core responsibilities

• Take ownership of data security controls and drive their implementation, operation, and ongoing enhancement to protect data confidentiality, integrity, and availability.
• Administer data security platforms and tools such as DLP, classification, encryption, discovery, and monitoring solutions, including tuning, configuration, and optimization.
• Track, identify, and escalate data security incidents, coordinating with SOC and incident response teams through investigation and post-incident review.
• Create and improve reporting, dashboards, metrics, and trend analysis for technical teams and senior leadership.
• Make sure data security controls align with internal policies, legal and regulatory expectations, and audit requirements.
• Lead governance activities such as control ownership, risk assessments, exception reviews, control improvements, and maturity uplift.
• Maintain and refresh data security policies, standards, and procedures so they remain aligned with business needs and current best practices.
• Partner with IT, Security Operations, Legal, Compliance, and business teams to build data security requirements into day-to-day operations.
• Convert technical findings and risks into clear business language, along with recommendations and remediation actions for senior stakeholders.
• Support broader security programmes by balancing technical execution with governance and management oversight.
• Develop information security policies and procedures in line with HSBC group requirements and standards such as ISO and COBIT.
• Oversee compliance with approved policies and security practices to help maintain a secure operating environment.
• Review and analyse monthly Business Risk Information Officer reports to identify policy-related risks for business units.
• Stay current on information security trends, assess threats to infrastructure, systems, networks, and data, and propose improvements.
• Enforce access control and IT security standards while closely tracking exceptions.
• Run the BIRO programme for HSBC Saudi Arabia, ensuring risk assessments are completed and that teams understand how to identify, measure, and mitigate risks.
• Support awareness initiatives such as town halls, marketing campaigns, and informal sessions focused on information security topics.

Technical scope

• Work on cyber security projects and contribute engineering solutions in the data security space.
• Configure and operate DLP platforms and data scanning tools.
• Provide production support for data security technologies such as Symantec, McAfee, and MIP.
• Use Confluence and Jira to manage project and production-support activities.
• Handle stakeholder communication and audit-related coordination effectively.

Requirements

• A degree-level education is expected, and professional credentials such as CISSP, CISA, or CISM are preferred.
• At least 4 to 5 years of experience in data security engineering is required.
• Hands-on exposure to DLP products such as Symantec DLP and SkyHigh DLP, along with deployment of data discovery tools, is needed.
• Practical experience with security for data in motion and/or data at rest is important.
• Background in Agile delivery, project planning, and project management is required.
• Experience handling data incident management is expected.
• Strong stakeholder management, business communication, and audit management skills are essential.
• A technical background with solid understanding of security controls is preferred.
• Experience with security tooling and operational support in an enterprise environment will be valuable.
• Familiarity with policy frameworks, governance, and risk management practices is important.

Additional information

The role holder is expected to support cybersecurity initiatives, assist the CISO and CRO in cyber strategy execution, and advise teams responsible for operating security controls across critical services. They should also help ensure that security risks are assessed properly, mitigations stay within the organisation’s risk appetite, and remediation efforts are followed through.

Knowledge of certifications such as CISSP, CISM, or equivalent is desirable but not mandatory.

The position involves regular collaboration with global and cross-functional teams and requires the ability to explain technical security issues in a clear and practical way to leadership and business teams.