Cybersecurity Consultant

About the Role

Cybersecurity Implementation & Business Integration

• Lead the implementation of cybersecurity controls and architectures across business and technology domains.
• Embed cybersecurity requirements into:
• Business processes
• Application and infrastructure delivery lifecycle
• Operational and production change activities
• Work closely with business, IT, and security teams to ensure security is built-in, not bolted-on.

Change Management & Requirements Review

• Actively participate in formal change management processes, including:
• Review and assessment of technology and infrastructure changes
• Security impact analysis for standard, normal, and emergency changes
• Input into change approvals to ensure security risks are identified and mitigated
• Review and assess Business Requirement Documents (BRDs), functional specifications, and solution designs to ensure cybersecurity requirements are clearly defined and addressed.
• Validate that approved security requirements are effectively implemented as part of change execution.

Architecture & Control Operationalization

• Translate cybersecurity policies, standards, and regulatory requirements into implementable security architectures, patterns, and control designs.
• Define and enforce:
• Security reference architectures and patterns
• Baseline security configurations
• Defense-in-depth and zero-trust models
• Ensure security architectures are adopted and executed consistently across projects and change initiatives.
• Hands-On Security Design & Delivery ( advisory only, implementation will be done by engineer):
• Design, review, and oversee implementation of security controls, including:
• Firewalls, WAF, IDS/IPS, and DDoS protection
• Secure Email Gateways and API Security Gateways
• VPN, SD-WAN, and Network Access Control (NAC)

• Endpoint Security, EDR/XDR

• Identity and Access Management (IAM)
• SIEM and centralized logging platforms
• Drive system, platform, and cloud hardening across operating systems, databases, virtualization platforms, containers, and cloud services**.**

Cloud, Platform & Infrastructure Security

• Implement and standardize security controls across hybrid environments (on-prem, private cloud, and public cloud – OCI / Azure / GCP).
• Secure virtualized and containerized platforms (VMware, Hyper-V, Kubernetes, OpenShift).
• Integrate cloud-native and third-party security services into enterprise platforms.

Security Operations Enablement

• Work with SOC and operations teams to ensure security controls are monitorable, operable, and effective.
• Integrate SIEM and SOAR capabilities to support detection, response, and continuous improvement.
• Support incident investigations and ensure lessons learned are incorporated into control and architecture improvements.

Risk, Compliance & Assurance

• Ensure cybersecurity implementation aligns with regulatory and industry standards, including:
• SAMA CSF
• NCA ECC
• SWIFT CSP
• PCI DSS
• Conduct threat modelling and risk and support mitigation measures**.**

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 8+ years of experience in cybersecurity with strong exposure to change-driven environments.
• Proven experience in banking or other highly regulated environments.

• Cissp, Ccsp, Cism

• Cloud or security architecture certifications (SABSA, TOGAF, OCI, Azure, or GCP)

Key Attributes

• Strong execution mindset with attention to detail during change and release cycles.
• Comfortable reviewing BRDs, solution designs, and change requests.
• Ability to assess risk and make pragmatic security decisions under delivery timelines.
• Clear communicator with strong documentation and stakeholder coordination skills.
• High ownership and accountability in complex, regulated environments.

Why Join

• Play a key role in embedding cybersecurity into business change and delivery processes.
• Work on enterprise-scale hybrid environments within a highly regulated banking sector.
• Competitive package with renewal potential and exposure to advanced security technologies.
• **Location:** Riyadh, Saudi Arabia (On-site at client)
• **Contract:** 1 year (with possibility of extension)