CISO / IT & Systems Governance Lead

Our client is a leading international organization delivering a strategic, large-scale infrastructure program in Saudi Arabia.

The organization operates in a multi-partner environment and requires robust cybersecurity governance across all IT and operational systems.

You will be responsible for shaping and leading the organization s cybersecurity strategy, policies, risk management, and compliance programs.

This is a senior leadership role with regulatory oversight responsibilities and a focus on ensuring comprehensive protection of critical systems and data.

Cybersecurity Strategy & Governance Develop and implement a comprehensive cybersecurity strategy aligned with organizational goals.

Establish and enforce policies, standards, procedures, and governance frameworks across IT and operational systems.

Provide regular cybersecurity risk reporting to senior leadership.

Risk Management & Incident Response Oversee security operations, including monitoring, detection, and incident response.

Lead incident response activities to ensure rapid containment and recovery.

Coordinate vulnerability assessments and penetration tests across IT systems and critical platforms.

Compliance & Regulatory Oversight Ensure alignment with national cybersecurity regulations, including essential controls and standards.

Collaborate with internal teams and external partners to maintain compliance.

Monitor and report on cybersecurity posture and metrics.

Third Party & Data Security Ensure vendor and partner compliance with cybersecurity obligations.

Oversee data protection practices, including personal and sensitive data.

University degree in Computer Science, Engineering, Information Security, or a related field.

8+ years in cybersecurity, with at least 3 years in leadership roles.

in regulatory compliance frameworks and governance.

Exposure to IT/OT convergence, operational systems, or critical infrastructure environments is a plus.

Certifications (at least one required) CISSP, CISM, or CRISC Technical & Regulatory Knowledge Strong understanding of cybersecurity frameworks (ISO 27001, NIST) and national regulations.

Knowledge of cloud security platforms (Azure, AWS) and IoT security.

Ability to translate regulatory requirements into actionable governance and oversight.