{bc}
linkedin

CISO

Robert Walters
Jiddah, KSA
fulltime
Director
Today
cybersecurityinformation securityCISOsecurity strategyrisk managementincident response
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

cybersecurityinformation securityCISO
Smart Apply

Full Job Posting

Overview

  • The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
  • This role is critical and must oversee the Security of both Information Technology and Operational Technology.
  • This leader will ensure compliance with the National Cybersecurity Authority (NCA) regulations and align security initiatives with Saudi Vision 2030 digital transformation goals.

Strategy & Governance

  • Develop and implement a comprehensive cybersecurity strategy that aligns with the operational goals and safety standards.
  • NCA Compliance: Ensure full compliance with the Saudi National Cybersecurity Authority (NCA) regulations, specifically the Essential Cybersecurity Controls (ECC) and Critical Systems Cybersecurity Controls (CSCC).
  • Develop and enforce security policies, standards, and procedures for both corporate and industrial networks.
  • Report the state of cybersecurity directly to the Board of Directors and Executive Committee.

It And Ot Convergence & Critical Infrastructure Protection

  • OT Security - Oversee the protection of Industrial Control Systems (ICS), signaling systems (e.g., ERTMS/ETCS), and rolling stock operational data.
  • Bridge the gap between IT and Engineering/Operations teams to ensure a unified security posture.
  • Conduct regular threat modeling for critical infrastructure to prevent cyber-physical attacks.

Risk Management & Incident Response

  • Manage the Cyber Security Operations Center (CSOC) and ensure 24/7 monitoring of threats.
  • Lead the Incident Response Team (IRT) in the event of a breach, minimizing operational downtime and reputational damage.
  • Conduct regular vulnerability assessments and penetration testing on booking systems, mobile apps, and control networks.

Data Privacy & Vendor Management

  • Ensure compliance with the Saudi Personal Data Protection Law (PDPL) regarding passenger and employee data.
  • Oversee Third-Party Risk Management (TPRM), ensuring that supply chain partners (locomotive manufacturers, signaling vendors, maintenance providers) meet security standards.

Required

  • Minumum 10 years of experience in Information Security, with at least 4 years in a leadership role (CISO, Head of Security, etc.).
  • Experience in Critical Infrastructure sectors.
  • Proven experience managing OT/ICS security environments (SCADA, PLC security).
  • Any 2 Certifications - CISSP, CISM, CISA or GICSP ((Global Industrial Cyber Security Professional).
  • Deep understanding of NCA frameworks (ECC, CSCC, DCC).
  • Strong understanding of Cloud Security (Azure/AWS) and IoT security.
  • The ideal candidate must possess deep knowledge of Saudi National Cybersecurity Authority (NCA) regulations, specifically ECC and CSCC standards.
  • Due to the critical nature of the role, Saudi Nationals are strongly preferred in alignment with Vision 2030 and Nitaqat requirements.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Robert Walters