On-site Full Time
cander - Saudi, Jeddah

Job Details

Job Title: Head of IT Security
Contract Type: 12 Month Fixed Term Contract
Location: Saudi Arabia, on site

Job Purpose

The Head of IT Security is responsible for leading the design, implementation, and operation of enterprise security controls to protect cloud platforms, applications, infrastructure, and data. This role works closely with the Cyber Security function to execute security strategy, manage risk, and ensure full compliance with Saudi regulatory frameworks, with a strong focus on the SAMA Cyber Security Framework.

Key Requirements Summary

Must be based in Saudi Arabia.
Must have hands-on experience working under the SAMA Cyber Security Framework.
Banking or regulated financial services experience required.
Available for a 12-month contract.

Skills

Strong understanding of Saudi and Middle East regulatory requirements.
Excellent communication skills with technical and non-technical stakeholders.
Strong incident response and risk management capability.
Proven problem-solving and decision-making skills.
Experience across Windows, Linux, and UNIX environments.
Strong background supporting cloud-native and digital banking platforms.

Technical Expertise

SIEM, EDR, DLP, WAF, IAM, OS security.
Cloud security across AWS, Azure, and GCP.
Network, database, and application security.
Active Directory and container security.
Tools such as Zscaler and SentinelOne.
Endpoint protection and antivirus solutions.
Encryption technologies including Oracle Vault, AWS KMS, and HSM solutions.

Education and Experience

Bachelor’s degree in Computer Science, IT, or a security-related discipline.
14+ years' experience managing enterprise security technologies across on-prem and cloud.
6+ years' hands-on experience administering security platforms.
6+ years' experience leading technical security teams.
Proven experience working in Saudi regulated environments.
Mandatory experience with the SAMA Cyber Security Framework.
Banking or financial services experience required.
Relevant certifications such as CISSP or CISM preferred.

Key Accountabilities

Leadership and Team Management
Lead and mentor a team of Security Engineers in a regulated banking environment.
Set clear objectives, manage performance, and build technical capability.
Drive a culture of accountability, execution, and continuous improvement.

Security Operations
Own and operate SIEM platforms including tuning, alerting, and compliance reporting.
Oversee EDR, DLP, vulnerability management, and threat detection tooling.
Monitor and respond to security incidents across endpoints, servers, and cloud platforms.
Administer IAM, Active Directory, SSO, privileged access, and least privilege enforcement.
Manage VPNs and secure access to applications and infrastructure.
Implement and manage web security controls including URL filtering and threat protection.
Monitor and respond to container security threats.

Cloud and Infrastructure Security
Implement cloud security controls across AWS, Azure, and GCP environments.
Cover OS hardening, patching, logging, monitoring, tagging, and encryption.
Manage encryption solutions including KMS, HSM, and vault technologies.
Support data center and infrastructure security reviews.

Risk, Compliance, and Audit
Ensure compliance with SAMA Cyber Security Framework and local regulatory requirements.
Lead remediation of findings from SAMA reviews, auditors, penetration tests, and internal assessments.
Conduct security risk assessments and control effectiveness reviews.
Maintain evidence and reporting required for regulatory inspections.

Incident and Vulnerability Management
Lead vulnerability scanning and remediation programs.
Support incident response including containment, investigation, and recovery.
Coordinate penetration testing and closure of identified weaknesses.

Stakeholder Management
Partner with IT, business, and cybersecurity teams to align security controls with business objectives.
Provide security input into IT projects, upgrades, and integrations.
Engage stakeholders to align expectations and security requirements.
Support security awareness and policy communication across the organisation.

Framework and Authority
Operates within IT Governance and Saudi regulatory frameworks.
Authority over security tooling, technical controls, and operational security decisions within approved governance.

About cander
Saudi, Jeddah
Staffing and Recruiting