Senior Cybersecurity Lead

Company description

Hams.AI is an AI company building enterprise automation platforms for large organizations across Saudi Arabia and the region.

We work with organizations in government, healthcare, insurance, telecom, financial services, energy, and other regulated sectors where cybersecurity, privacy, reliability, operational control, and regulatory compliance are critical.

Through our Unified Communication Platform and Agentic Platform, Hams.AI helps enterprises automate customer interactions, internal workflows, service processes, and data-driven decisions across multiple channels and systems.

Our platform is hosted entirely within Saudi Arabia and is designed for real operational environments that require accuracy, speed, integration readiness, security awareness, and measurable business impact at scale.

As Hams.AI continues to grow and onboard more regulated enterprise and government clients, we are looking for a Cybersecurity & Compliance Lead to own our security and regulatory program end-to-end.

We’re seeking a Cybersecurity & Compliance Lead who will be the single point of accountability for cybersecurity and regulatory compliance at Hams.AI.

This role reports directly to the CTO and will own the company’s cybersecurity governance, regulatory compliance, client security engagements, audit readiness, privacy program, incident response, and security awareness initiatives.

This is a high-ownership role for someone who understands Saudi regulatory requirements, enterprise security expectations, and how to operationalize cybersecurity controls in a fast-growing AI company.

What you will own

1.

Own the NCA compliance program, maintain alignment with the applicable NCA cybersecurity frameworks, including ECC, CCC, and DCC, and lead the path to formal NCA audit certification.

2.

Own the PDPL program, act as the company’s privacy lead under the Saudi Personal Data Protection Law, Royal Decree M/19, as amended by M/148, and maintain the Personal Data Protection Policy, RoPA, sub-processor list, and DPIA support.

3.

Own the security policy set, including Information Security Policy, Acceptable Use, Access Control, Change Management, Incident Response, Vulnerability Management, Backup and Recovery, and HR security procedures.

4.

Own the Personal Data Breach Notification Procedure, run tabletop exercises, lead live incident response, and fulfill the twenty-four-hour Controller notification commitment.

5.

Own client cybersecurity engagements, including responding to client risk assessments, NCA controls mappings, security questionnaires, and DPIAs, and representing Hams.AI in client security reviews.

6.

Lead the independent third-party audit program, engage external auditors for penetration testing and NCA-aligned audits, track findings to closure, and report to the CTO and clients.

7.

Own the security awareness program, including onboarding security orientation, phishing simulations, ongoing training records, and role-specific training for engineering, DevOps, and AI teams.

8.

Own the cybersecurity supervisory committee, establish and run the formal committee, and document its charter, members, minutes, and decisions.

9.

Maintain the risk register, including formal risk methodology, risk register, risk treatment plans, and periodic review.

10.

Lead the JML, Joiner, Mover, Leaver, process for cybersecurity controls, including access provisioning, background screening for privileged roles, and same-day offboarding.

1.

A meaningful security and compliance foundation is already built.

You will:

2.

Inherit a complete NCA controls mapping covering the applicable frameworks, including ECC, CCC, and DCC.

3.

Inherit the PDPL Compliance Documentation and the Personal Data Breach Notification Procedure, CTO-approved, and operationalize them.

4.

Take ownership of the third-party penetration test program and the cadence of recurring engagements.

5.

Take ownership of the security architecture documentation and ongoing maintenance.

6.

Lead the planned formal NCA-aligned audit and the path to certification.

Build out the cybersecurity team as the company scales, with this role growing into Head of Cybersecurity over time.

At Hams.AI, you’ll own a critical function in a fast-growing AI company working with enterprise, government, and regulated-sector clients.

You will lead the security and compliance foundation that enables Hams.AI to scale responsibly, pass enterprise risk assessments, meet Saudi regulatory expectations, and support mission-critical AI automation use cases across the region.

This is a role for someone who wants ownership, direct leadership visibility, and the opportunity to build a cybersecurity function that grows with the company.

Apply here: https://form.asana.com/?k\=6tMk1eDYFT7CjI7v_n3Meg&d\=1210838775195077