Cybersecurity Technical Consultant - Riyadh

Riyadh, Saudi Arabia (On-site at client)

Contract: 1 year (with possibility of extension)

Employer: leading Saudi bank

IMPORTANT: IF YOU DO NOT MEET THE CORE REQUIREMENTS DO NOT APPLY.

YOU WILL NOT BE CONSIDERED FOR THIS OR FUTURE ROLES.

We are seeking a Cybersecurity Consultant to support the implementation and operationalization of

cybersecurity across one of the largest banks in Saudi Arabia.

The role sits within the Architecture

Unit and focuses on embedding cybersecurity into business processes, technology delivery, and

operational change activities.

This is a hands-on, delivery-driven role, requiring active participation in change management

processes, including review of business requirements, solution changes, and production, standards, process development to support automation to ensure cybersecurity

are consistently addressed before and during implementation.

 Lead the implementation of cybersecurity controls and architectures across business and

technology domains.

 Embed cybersecurity requirements into:

o Business processes

o Application and infrastructure delivery lifecycle

o Operational and production change activities

 Work closely with business, IT, and security teams to ensure security is built-in, not bolted-

on.

 Actively participate in formal change management processes, including:

o Review and assessment of technology and infrastructure changes

o Security impact analysis for standard, normal, and emergency changes

o Input into change approvals to ensure security risks are identified and mitigated

 Review and assess Business Requirement Documents (BRDs), functional specifications, and

solution designs to ensure cybersecurity requirements are clearly defined and addressed.

 Validate that approved security requirements are effectively implemented as part of change

execution.

 Translate cybersecurity policies, standards, and regulatory requirements into implementable

security architectures, patterns, and control designs.

 Define and enforce:

o Security reference architectures and patterns

o Baseline security configurations

o Defense-in-depth and zero-trust models

 Ensure security architectures are adopted and executed consistently across projects and

change initiatives.

Hands-On Security Design & Delivery (advisory only, implementation will be done by engineer)

 Design, review, and oversee implementation of security controls, including:

o Firewalls, WAF, IDS/IPS, and DDoS protection

o Secure Email Gateways and API Security Gateways

o VPN, SD-WAN, and Network Access Control (NAC)

o Identity and Access Management (IAM)

o SIEM and centralized logging platforms

 Drive system, platform, and cloud hardening across operating systems, databases,

virtualization platforms, containers, and cloud services.

 Implement and standardize security controls across hybrid environments (on-prem, private

cloud, and public cloud – OCI / Azure / GCP).

 Secure virtualized and containerized platforms (VMware, Hyper-V, Kubernetes, OpenShift).

 Integrate cloud-native and third-party security services into enterprise platforms.

 Work with SOC and operations teams to ensure security controls are monitorable, operable,

and effective.

 Integrate SIEM and SOAR capabilities to support detection, response, and continuous

improvement.

 Support incident investigations and ensure lessons learned are incorporated into control and

architecture improvements.

 Ensure cybersecurity implementation aligns with regulatory and industry standards,

including:

o SAMA CSF

o NCA ECC

o SWIFT CSP

o PCI DSS

 Conduct threat modelling and risk and support mitigation measures.

 Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.

 8+ years of experience in cybersecurity with strong exposure to change-driven environments.

 Proven experience in banking or other highly regulated environments.

 Cloud or security architecture certifications (SABSA, TOGAF, OCI, Azure, or GCP)

 Strong execution mindset with an attention to detail during change and release cycles.

 Comfortable reviewing BRDs, solution designs, and change requests.

 Ability to assess risk and make pragmatic security decisions under delivery timelines.

 Clear communicator with strong documentation and stakeholder coordination skills.

 High ownership and accountability in complex, regulated environments.