Chief Information Security Officer (CISO)

About the Role

requirements

Cybersecurity Strategy & Governance

• Develop, implement, and maintain the company’s cybersecurity strategy, policies, standards, and procedures.
• Ensure cybersecurity governance frameworks are aligned with SAMA CSF, NCA regulations, and industry best practices.
• Establish and maintain cybersecurity architecture to ensure security requirements are embedded across technology solutions and platforms.
• Define and monitor cybersecurity Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
• Provide regular cybersecurity reports and updates to senior management and the Board of Directors.

Cybersecurity Risk Management

• Establish and oversee the cybersecurity risk management framework and processes.
• Conduct periodic cybersecurity risk assessments and ensure mitigation plans are implemented.
• Ensure cybersecurity risks are appropriately identified, assessed, monitored, and reported.
• Maintain information and system classification frameworks to protect data assets according to their criticality and sensitivity.

Security Operations & Incident Management

• Oversee Security Operations Center (SOC) activities, threat monitoring, and vulnerability management programs.
• Lead cybersecurity incident response activities and ensure timely escalation and reporting to regulators when required.
• Gather and analyze cyber threat intelligence to proactively identify and mitigate emerging threats.
• Ensure effective monitoring, detection, and response capabilities are maintained across the organization.

Regulatory Compliance & Assurance

• Ensure compliance with SAMA Cyber Security Framework (CSF), NCA Essential Cybersecurity Controls (ECC), and internal policies.
• Support regulatory audits, cybersecurity assessments, and compliance reviews.
• Act as the primary cybersecurity liaison with regulators and external auditors.
• Ensure timely remediation of audit findings, vulnerabilities, and regulatory observations.

Cloud & Third-Party Security

• Oversee cloud security governance and ensure cloud environments comply with regulatory and security requirements.
• Conduct security reviews and risk assessments of third-party service providers and vendors.
• Ensure outsourcing arrangements and technology providers meet contractual, cybersecurity, and regulatory obligations.

Security Awareness & Leadership

• Lead cybersecurity awareness and training programs across the organization.
• Build, mentor, and manage the cybersecurity team, ensuring appropriate skills development and professional growth.
• Foster a security-first culture throughout the organization.
• Provide strategic cybersecurity guidance to business and technology stakeholders.

Key Competencies

• Strong leadership, governance, and stakeholder management skills.
• Deep understanding of cybersecurity risk management and regulatory compliance.
• Ability to translate complex cybersecurity concepts into business-focused recommendations.
• Excellent analytical, problem-solving, and decision-making capabilities.
• Strong communication and presentation skills.
• Experience managing cybersecurity programs within highly regulated environments.
• Ability to lead incident response and crisis management activities.

& Experience

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (Master’s degree preferred).
• 7–10 years of experience in cybersecurity, information security, or technology risk management.
• Minimum 3 years in a cybersecurity leadership or management role.
• Strong knowledge of SAMA Cyber Security Framework (CSF), NCA Essential Cybersecurity Controls (ECC), cloud security, and cybersecurity governance.
• Experience within financial services, fintech, banking, or other regulated sectors is highly preferred.
• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are highly desirable.
• Excellent communication skills in Arabic and English (written and verbal).

Reporting & Governance

• Reports directly to the Chief Executive Officer (CEO).
• Maintains independent access to the Board of Directors for cybersecurity matters.