****Please note that this position is based in The Middle East, Expatriation Benefits Apply!***

The Cyber Security Specialist is responsible for protecting the organisation’s information systems, clinical systems, and SAP landscape against cyber threats. The role ensures the confidentiality, integrity, and availability of patient, clinical, and business data while maintaining compliance with Saudi Arabian regulatory requirements and international cybersecurity standards.

This role plays a critical part in safeguarding a mission?critical healthcare environment, supporting SAP security operations, and strengthening the organisation’s overall cybersecurity posture.

Key Responsibilities Cyber Security Operations

• Monitor, detect, investigate, and respond to cybersecurity threats, incidents, and vulnerabilities across hospital systems, networks, and applications.
• Implement and maintain security controls to protect enterprise systems, including SAP environments and integrated third?party applications.
• Perform regular vulnerability assessments, penetration testing coordination, and security reviews.
• Support incident response processes, including root cause analysis and remediation actions.

SAP Security

• Manage SAP security roles and authorisations, ensuring segregation of duties (SoD) and compliance with best practices.
• Monitor SAP system logs, access controls, and security configurations to prevent unauthorised access or data breaches.
• Support SAP audits, security reviews, and continuous improvement initiatives.
• Collaborate with SAP functional and technical teams to embed security by design.

Governance, Risk & Compliance

• Ensure compliance with Saudi Arabian regulations and standards, including NCA, PDPL, CITC/CSA, and healthcare?specific requirements.
• Support internal and external audits, preparing evidence and addressing audit findings.
• Maintain and enhance information security policies, standards, and procedures.
• Conduct risk assessments and contribute to organisational risk mitigation strategies.

Data Protection & Healthcare Security

• Protect sensitive health and patient data in line with healthcare data privacy and protection requirements.
• Ensure secure access to clinical systems, EHR/HIS platforms, and connected medical devices where applicable.
• Support data loss prevention (DLP) and identity and access management (IAM) initiatives.

Awareness & Collaboration

• Promote cybersecurity awareness across the organisation through training and best?practice guidance.
• Work closely with IT Infrastructure, SAP, Clinical Systems, and Compliance teams to ensure end?to?end security coverage.
• Act as a trusted advisor on cybersecurity risks and controls within a hospital environment.

Minimum Required Qualifications

• Bachelor’s degree in Information Security, Computer Science, IT, or a related field.
• Relevant cybersecurity certifications are advantageous, including:
  • CISSP, CISM, CISA, CEH, or Security+
  • SAP Security or GRC certifications (advantageous)

Minimum Required Experience

• Minimum of 5–8 years’ experience in a cybersecurity or information security role.
• Hands?on experience in securing SAP environments (ECC, S/4HANA, or SAP GRC).
• Experience within healthcare, critical infrastructure, or highly regulated industries is strongly preferred.
• Experience with security tools such as SIEM, IAM, Vulnerability Management, EDR, or DLP solutions.

Required Skills & Attributes

• Strong understanding of cybersecurity principles, frameworks, and standards (ISO 27001, NIST, etc.).
• Knowledge of Saudi cybersecurity and data protection regulations (NCA, PDPL).
• Strong analytical and problem?solving skills with a proactive security mindset.
• Ability to handle sensitive information with discretion, integrity, and professionalism.
• Excellent communication skills, with the ability to engage both technical and non?technical stakeholders.
• Ability to work independently in a high?availability healthcare environment.
• Strong attention to detail and commitment to continuous improvement.

Preferred Attributes

• Experience in a hospital or clinical systems environment.
• Exposure to cloud security, network security, and endpoint security solutions.
• Ability to operate effectively in a fast?paced, 24/7 healthcare setting.