VP - Cybersecurity

Overview

Go-to-Market & Strategy

• Develop and execute a comprehensive GTM strategy for the Cybersecurity Practice across MENA, aligned to the full range of cybersecurity services ZainTECH can position to clients, and identifying priority market segments (banking and financial services, government and public sector, oil and gas, healthcare, telco, and large enterprise), client profiles, and competitive differentiators.
• Build and evolve a structured cybersecurity service offering portfolio combining advisory, professional services, and managed services across the following service families:
• + Identity & Access Management (IAM), covering SSO, MFA, IGA, PAM, and Zero Trust Network Access
• + Infrastructure & Network Security, covering next-generation firewall, anti-DDoS, segmentation, SASE, and AI-driven network threat defence
• + Endpoint & Workload Security, covering EDR and XDR, vulnerability management, continuous patching, and cloud workload protection
• + Application & Data Security, covering secure software development lifecycle, application security testing, API security, data protection, DLP, and encryption
• + Advisory, Governance, Risk & Compliance (GRC), covering regulatory advisory, control frameworks, risk quantification, and audit readiness
• + Security Operations (SOC), covering 24x7 monitoring, SIEM and SOAR, threat intelligence, threat hunting, incident response, and digital forensics
• Define and refine the consumption model for each service family, structuring offerings into tiered propositions (from foundational to premium) that allow clients to adopt capabilities progressively while creating clear upsell and cross-sell motions.
• Translate advisory outcomes into recurring managed services pipeline, ensuring each consulting engagement is designed to surface ongoing managed service opportunities wherever appropriate.
• Shape the evolution of ZainTECH's Security Operations Centre (SOC) services, including MDR, MSSP, threat intelligence, threat hunting, incident response, and digital forensics, positioning them as the regional reference in 24x7 monitoring and response.
• Drive thought leadership through publications, speaking engagements, and industry events (GISEC, Black Hat MEA, GITEX, MENA ISC, RSA) to enhance ZainTECH's brand and market presence as a trusted cybersecurity partner.
• Represent ZainTECH in regulator and industry forums engaging with bodies such as NCA and SDAIA in KSA, CST, NESA and the UAE Cyber Security Council, CITC, NCSC Kuwait, CBB, NCA Jordan, and sector regulators including SAMA, CBUAE, DFSA, and FSRA.

Business Development & Sales

• Take full ownership of the practice's revenue and profitability, meeting and exceeding assigned targets across advisory, professional services, and managed security services lines.
• Proactively identify and cultivate new business opportunities with enterprise clients, government entities, and critical national infrastructure operators, leveraging personal networks and leading the end-to-end sales cycle for strategic accounts.
• Build and nurture C-level relationships with key clients (CISOs, CIOs, CROs, CDOs, Heads of Risk and Compliance), acting as a trusted advisor on their cyber resilience, zero trust, and regulatory compliance journeys.
• Lead the development of compelling proposals, statements of work (SOWs), and commercial models for large-scale, complex engagements including SOC build and transform, SIEM and SOAR modernisation, identity and access transformation, cloud security programs, and OT cybersecurity deployments.
• Embed MEDDPIC qualification discipline across the practice pipeline and ensure rigorous opportunity scoring, forecast accuracy, and win/loss analysis.
• Partner with country Geography Leaders across the three ZainTECH clusters (Saudi Arabia, Other GCC, Egypt and Jordan) to localise the GTM motion and ensure coverage against named accounts.

Partnerships & Alliance Management

• Identify, cultivate, and manage strategic partnerships with leading cybersecurity technology vendors across platform, detection, identity, cloud, and OT domains, including Microsoft, Palo Alto Networks, Fortinet, Cisco, CrowdStrike, SentinelOne, Splunk, IBM, Tenable, Rapid7, Zscaler, Okta, CyberArk, Proofpoint, Trellix, Claroty, and Nozomi Networks.
• Develop joint value propositions and co-selling opportunities with hyperscalers (AWS, Azure, Google Cloud, Oracle) on cloud security, data protection, and sovereign cloud offerings relevant to KSA, UAE, and other regulated markets.
• Build and manage relationships with specialist MENA players and emerging technology providers to extend ZainTECH's capability in niche areas such as deception, attack surface management, DRP, and AI security.
• Ensure partner tiering, certification coverage, MDF utilisation, and rebate capture are actively managed to maximise economic contribution from the alliance portfolio.

Delivery & Engagement Oversight

• Provide executive oversight on the delivery of strategic, turnkey cybersecurity programs, including SOC design and build, SIEM and SOAR implementations, zero trust architectures, identity modernisation, data protection and DLP, cloud security posture management, and OT and IoT security.
• Oversee the run and operate performance of ZainTECH's SOC, including SLA adherence, detection engineering maturity, MTTD and MTTR targets, use case coverage, threat intelligence integration, and continuous service improvement.
• Lead AI-enabled cybersecurity transformation initiatives, spanning:
• + Autonomous SOC capabilities using AI and GenAI copilots for triage, investigation, and response
• + LLM-powered threat intelligence synthesis, correlation, and briefing generation
• + AI-driven fraud detection, insider threat analytics, and user behaviour analytics (UEBA)
• + Automated compliance evidence collection, control testing, and audit readiness
• + GenAI-assisted security engineering for detection content, playbook creation, and policy development
• + AI-enabled phishing defence, deepfake detection, and social engineering resilience
• Serve as the engagement partner for flagship client programs, providing strategic guidance on complex initiatives including regulatory-driven transformations (SAMA CSF, NCA ECC, NCA CCC, NESA IAS, PDPL, GDPR, ISO 27001, PCI DSS, NIST CSF, SWIFT CSP) and sovereign cloud migrations.
• Manage and mitigate risks associated with complex program delivery, particularly in mission-critical environments, while ensuring responsible AI governance, data protection, and ethical handling of sensitive client information
• .

Practice & People Leadership

• Build and lead a high-performing team of security advisors, architects, engineers, SOC analysts, incident responders, forensics specialists, and GRC consultants with deep domain and regulatory expertise across MENA.
• Mentor and develop practice members, providing career guidance and growth opportunities across defined job families including Principal Consultant, Security Architect, SOC Lead, Threat Hunter, Incident Response Lead, and GRC Consultant.
• Contribute to the overall leadership and strategic direction of ZainTECH as a key member of the Executive Leadership Team, working across the broader services portfolio to deliver integrated client outcomes.
• Champion responsible security culture, continuous learning, and certification progression (OSCP, CISSP, CISM, CCSP, SANS GIAC, Azure and AWS security certifications, vendor specialisations) across the practice.

Requirements

• 15+ years of experience in a senior leadership role within a top-tier consulting firm, cybersecurity services company, system integrator, or enterprise CISO function, with significant focus on the MENA region.
• An entrepreneurial spirit and a passion for driving innovation and growth in the rapidly evolving cybersecurity landscape.
• Deep expertise across cybersecurity domains, including:
• + Security Operations, SIEM, SOAR, XDR, threat intelligence, and threat hunting
• + Zero trust architecture, network security, and secure access service edge (SASE)
• + Identity and access management, privileged access management, and identity governance
• + Cloud security across AWS, Azure, GCP, and Oracle, including CSPM, CWPP, and CNAPP
• + Application security, DevSecOps, and software supply chain security
• + Data protection, DLP, encryption, and privacy engineering
• + OT and IoT cybersecurity for energy, utilities, manufacturing, and smart infrastructure
• + Governance, risk, and compliance aligned to MENA regulatory frameworks
• + AI security, securing AI workloads, and GenAI applications in cyber defence
• Proven track record of building and scaling a cybersecurity practice with full P&L responsibility, consistently achieving and exceeding revenue targets, ideally combining advisory, professional services, and managed services lines.
• Demonstrated experience in applying advanced analytics, automation, and AI to solve cybersecurity challenges including:
• + SOC efficiency and analyst productivity (targeting material reductions in MTTD, MTTR, and alert fatigue)
• + Detection engineering and high-fidelity use case development
• + Fraud, abuse, and financial crime analytics for regulated industries
• + Third-party and supply chain risk quantification
• + Continuous controls monitoring and compliance automation
• + Large-scale GenAI deployment for security operations, with measurable OPEX reduction and coverage expansion
• Demonstrable experience in developing and executing successful go-to-market strategies for cybersecurity services in the MENA region, with an understanding of procurement models including managed services, outcome-based contracts, and staff augmentation.
• Extensive network of senior-level contacts across MENA cybersecurity buyers, including CISOs and risk leaders in banking, government, energy, telco, and healthcare, as well as relationships with regulators and industry bodies.
• Strong sales and business development acumen, with a history of leading and winning large, complex deals in SOC transformation, cyber program design, regulatory remediation, and managed security services.
• Experience in forging and managing strategic partnerships with cybersecurity vendors, hyperscalers, and specialist providers, including negotiating commercial and technical co-sell motions.
• Proven ability to oversee the delivery of large-scale, turnkey cybersecurity programs in mission-critical environments, including sensitive government and regulated industry contexts.
• Strong understanding of MENA regulatory and sovereignty requirements, including SAMA CSF, NCA ECC and CCC, SDAIA personal data protection regulations, PDPL, NESA IAS, CBUAE standards, DFSA and FSRA rules, CBB and CBI requirements, and sector-specific frameworks.
• Exceptional leadership and communication skills, with the ability to inspire and motivate teams and build strong client relationships across technical, business, and board-level stakeholders. Fluency in English is required; working proficiency in Arabic is highly desirable.
• An advanced degree (Master's or PhD) in a relevant discipline such as Business Administration (MBA), Cybersecurity, Computer Science, Information Systems, Engineering, or a quantitative field is highly preferred.
• Relevant industry certifications are highly desirable, including:

+ Cissp, Cism, Cisa, Crisc, Ccsp