Senior Cybersecurity Certification & QMS Specialist

The Senior Cybersecurity Certification & QMS Specialist is responsible for managing and continuously improving the quality management system (QMS) that governs cybersecurity certification schemes. The role ensures compliance with international standards and regulatory requirements while enhancing the efficiency, consistency, and reliability of certification processes.

This position combines expertise in cybersecurity certification with strong quality assurance and audit capabilities, including conducting internal audits, managing documentation, and driving corrective and preventive actions. The specialist works closely with technical teams and stakeholders to maintain high standards of certification, support governance activities, and align processes with evolving industry frameworks and best practices.

• Planning, implement, monitoring, improvement and
  maintenance of quality management system for the different schemes in NISCF.
  
• Ensure that the internal process complies with
  relevant national and international regulations, guidelines.
  
• Review the quality of technical content.
  
• Continuously assess and improve the efficiency
  and effectiveness of the certification process.
  
• Oversee the documentation and record -keeping
  processes to ensure that all records are accurate, complete, and readily
  accessible. Ensure that the QMS documentation is up -to -date.
  
• Plan and conduct internal audits and reviews of
  the certification process to verify compliance with established procedures and
  to identify opportunities for improvement.
  
• Plan and organize scheme management review
  meetings.
  
• Review the quality of scheme documents i.e.
  manuals, policies, procedure, forms, templates etc.
  
• Implement corrective and preventive actions to
  address non -conformities and improve the QMS. Ensure that corrective actions
  are taken when issues are identified.
  
• Monitoring the changes of requirements (i.e.
  International Standards (ISO17021, 17024, 17065, 17025, 27006, 9001), National
  Standards)
  
• Assisting with the development of policies,
  standards, procedures and guidance based on audit findings
  
• Ensuring that the highest standards of
  competence and impartiality are maintained, and that consistency is achieved
  across all evaluation and certification activities;
  
• Possess a deep understanding of Common Criteria
  standards, Protection Profiles, Security Targets, Evaluation Assurance Levels
  (EALs), and related documentation
  
• Provide guidance and mentorship to CB team
  members Certifiers and evaluators, ensuring their understanding of the
  certification process and helping them with complex evaluations.
  
• Assisting with the development of policies,
  standards, procedures and guidelines.
  
• Make recommendations regarding certification at
  specific Evaluation Assurance Levels (EALs) based on extensive evaluation
  expertise and knowledge of the certification process.
  
• Stay up -to -date with the latest developments in
  security, emerging threats, and evolving technology to ensure the certification
  process remains relevant.
  

Requirements

• A university Master’s degree -level qualification
  in IT, information security or a related field. ideally with a focus on
  security domains
  
• Certification from a recognized Common Criteria
  certification body and previous experience as a Certifier is desired
  
• IT Security Overview Training and certification
  
• Common Criteria for IT Security Evaluation
  Training and certification
  
• Minimum10 years experience
  
• 5 minimum years of work experience as a Senior
  IT / Information Security / Cyber Security Auditor and/or Risk Management
  and/or Cyber Security/Information Security Management.
  
• Proficiency in Arabic and English (spoken and
  written) is preferred
  

• Analytical and problem -solving skills
  
• Proven experience in IT and Information Security
  Assessment
  
• Common
  Criteria for IT Security Evaluation Training
  
• Experience in Risk Assessment and management.
  
• Should
  have hands on experience in information security
  
• Understanding of ISO27001 certification audit
  requirements
  
• Excellent communication, documentation, and
  report -writing skills.
  
• In -depth knowledge of security testing
  methodologies and tools.
  
• Have analytical & assessment experience of
  formal schemes and can assess a situation in a fair and objective manner in
  order to arrive at a firm conclusion.
  
• Have training, workshops planning and delivery
  experience across Government & private sector
  
  

Technical:

• Proven experience in IT, Information Security
  and Quality management Audit.
  
• Should have hands on experience in information
  security, cyber security & Quality management systems.
  
• Experience in Risk management and GAP analysis.
  
• Experience briefing senior executive staff
  
• Experience in Risk Assessment and management
  including audit methodologies and risk assessment methodologies
  

Behavioural:

• Ability to multitask and work effectively with
  multiple project teams, sponsors, and customers.
  
• Ability to pay close attention to detail, meet
  deadlines and work under pressure.
  
• Interpersonal skills
  
• Work autonomously with a high degree of
  enthusiasm
  

Specific:

• Excellent technical report writing skills.
  
• Have capabilities to understand and interpret
  the Certification Criteria (ISO/ IEC 17021, ISO/ IEC 17024, ISO/ IEC 27006 and
  ISO/IEC 17065).
  
• Knowledge of auditing and information assurance
  standards like ISA, ITAF, ISO17021, ISO19011.
  
• Proficiency in security frameworks and standards
  like, ISO27001, NIA, CSF Q2022.
  
• Familiarity with third -party audit,
  Certification and Information Security / Cyber Security audits.
  
• Proven, hands on, experience in Information
  Security Audit or Information Security Management