About the Client We are sourcing on behalf of a General Engineering Company (GEC) that has been delivering comprehensive project management, design, and consultancy services since 1989. They offer full-spectrum services including hospitality consultancy, feasibility studies, architecture, interior design, electromechanical systems, and turnkey project delivery. With extensive international experience, they have successfully completed diverse projects across hospitality, residential, commercial, and master planning sectors.
About the Role The Cybersecuity and Technology Assurance Expert role is designed for a mid-to-senior level professional with deep expertise in technology assurance and regulatory compliance, particularly within the context of Saudi Arabia's cybersecurity landscape. The position focuses on safeguarding information systems by proactively identifying vulnerabilities, implementing robust security controls, and ensuring strict adherence to national cybersecurity regulations, including the National Cybersecurity Authority's Essential Cybersecurity Controls (NCA ECC). This role plays a critical part in maintaining organizational resilience, protecting sensitive data, and supporting ongoing compliance initiatives in a rapidly evolving threat environment.
This role is for Saudi Nationals only.
Key Responsibilities Conduct comprehensive risk assessments and vulnerability analyses across information systems, networks, and applications, with a focus on compliance with Saudi cybersecurity regulations such as NCA ECC. Develop, implement, and maintain security controls, policies, and procedures to ensure the confidentiality, integrity, and availability of organizational assets. Lead technology assurance reviews and audits, providing expert guidance on the effectiveness of security measures and recommending improvements aligned with industry best practices and regulatory requirements. Monitor security events and incidents, utilizing advanced security information and event management (SIEM) tools to detect, analyze, and respond to threats in real time. Prepare detailed reports and documentation for internal stakeholders and regulatory bodies, ensuring all cybersecurity activities are thoroughly recorded and compliant with NCA ECC and related standards. Collaborate with IT, risk management, and compliance teams to integrate cybersecurity requirements into broader technology and business processes. Deliver training and awareness programs to promote a culture of cybersecurity across the organization, emphasizing the importance of compliance and proactive risk management. Stay current with emerging threats, vulnerabilities, and regulatory changes within the Saudi cybersecurity landscape, and proactively adapt security strategies as needed. Support incident response planning and execution, including forensic analysis, root cause investigation, and post-incident reporting. Participate in the continuous improvement of cybersecurity frameworks, leveraging lessons learned and industry developments to enhance organizational resilience.

Required Experience & Skills Demonstrated expertise in cybersecurity, with a strong track record of implementing and managing security controls in accordance with Saudi regulations, particularly NCA ECC. Extensive experience in technology assurance, including conducting security audits, risk assessments, and compliance reviews within complex IT environments. In-depth knowledge of information security frameworks and standards such as ISO/IEC 27001, NIST, and SAMA Cybersecurity Framework, with the ability to map these to local regulatory requirements. Proficiency in using security tools and platforms, including SIEM, vulnerability scanners, endpoint protection, and network monitoring solutions. Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective mitigation strategies. Excellent written and verbal communication skills, capable of preparing clear technical documentation and delivering presentations to both technical and non-technical audiences. Experience in incident response, including investigation, containment, eradication, and recovery processes. Familiarity with cloud security principles, secure software development practices, and third-party risk management. Ability to work collaboratively in cross-functional teams and manage multiple priorities in a fast-paced environment.

Qualifications Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related field. Relevant professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. Proven experience (typically 4+ years) in cybersecurity roles with a focus on regulatory compliance and technology assurance. Deep understanding of Saudi cybersecurity regulations, especially NCA ECC, and their practical application in enterprise environments. Strong commitment to ongoing professional development and staying abreast of industry trends and regulatory updates.

Tools & Technologies Security Information and Event Management (SIEM) platforms (e.g., Splunk, IBM QRadar, Arc Sight) Vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7) Endpoint protection solutions (e.g., Crowd Strike, Symantec, McAfee) Network security tools (e.g., firewalls, IDS/IPS, Cisco, Palo Alto) Compliance management and audit tools Cloud security platforms (e.g., AWS Security Hub, Azure Security Center) Forensic analysis and incident response toolkits Documentation and reporting tools (e.g., Microsoft Office Suite, GRC platforms)
This position offers the opportunity to play a pivotal role in shaping and maintaining the cybersecurity posture of organizations operating within Saudi Arabia. The Cybersecurity Specialist will have a direct impact on regulatory compliance, risk reduction, and the overall security culture, contributing to the resilience and trustworthiness of critical information systems in a dynamic regulatory environment.
By applying to this position, you are granting us permission to process your CV and keep your profile on file for consideration for this and future opportunities.