On-site Full Time
VaporVM
Saudi, Jeddah

Job Details

We are seeking an experienced Head of IT Security to lead and manage the bank’s technical security operations. This role is responsible for designing, implementing, and overseeing security controls to protect cloud and on-premise infrastructure, applications, and data, while ensuring full compliance with regulatory frameworks including SAMA Cyber Security Framework and NCA (NCA/NCA-NCA).
The ideal candidate is a hands-on security leader with strong technical depth, proven team leadership experience, and solid exposure to regulated banking environments.
Key Responsibilities

Security Leadership & Governance
Lead, mentor, and develop a team of Security Engineers, fostering a high-performance and collaborative culture.
Define security strategy and roadmap aligned with business objectives and regulatory requirements.
Manage manpower planning, performance evaluations, coaching, and continuous development of team members.
Collaborate closely with Cyber Security, IT, audit, and regulatory stakeholders.

Security Operations & Incident Response
Oversee day-to-day security operations including SIEM monitoring, intrusion detection, endpoint protection, and alert triage.
Lead incident response activities including containment, investigation, remediation, and recovery.
Maintain continuous awareness of emerging threats and recommend improvements to security posture.

Cloud & Infrastructure Security
Implement and manage security controls across cloud, hybrid, and on-prem environments.
Oversee OS hardening, patch management, logging, monitoring, threat detection, and security tagging.
Secure cloud platforms including AWS, Azure, and GCP.
Monitor and respond to container security threats.

Identity, Access & Data Protection
Deploy and manage IAM solutions including Active Directory, SSO, RBAC, and least-privilege access.
Administer privileged access and authentication mechanisms.
Implement and manage Data Loss Prevention (DLP) controls to meet business continuity and RPO/RTO objectives.
Manage encryption technologies including Oracle Vault, AWS KMS, and HSM solutions.

Compliance, Risk & Audit
Ensure compliance with SAMA, NCA, and regional regulatory requirements.
Conduct security assessments, audits, vulnerability scanning, and penetration testing.
Resolve findings from regulators, auditors, and internal security teams.
Participate in data center and physical security audits from a security perspective.

Security Tools & Technologies
Administer and optimize security platforms including:
SIEM, EDR, WAF, DLP, VPN, Endpoint Security
Network, application, database, and cloud security tools
Manage web security policies such as URL filtering and threat protection.
Ensure vulnerability scanning services and remediation processes are maintained.

Qualifications & Experience
Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or related field.
14+ years of experience in IT / Cyber Security environments.
6+ years of hands-on experience managing enterprise security tools (SIEM, EDR, Cloud Security, IAM, etc.).
6+ years of experience leading and managing technical security teams.
Strong experience across on-premise and SaaS security platforms.
Solid exposure to banking or highly regulated environments (preferred).
Experience with tools such as Zscaler, SentinelOne, or similar.
Relevant certifications such as CISSP, CISM, or equivalent are a plus.

Technical & Professional Skills
Strong understanding of security principles, protocols, and best practices.
In-depth knowledge of Windows, Linux, and UNIX operating systems.
Experience securing agile digital banking platforms.
Strong analytical and problem-solving skills.
Excellent communication skills with the ability to explain technical concepts to non-technical stakeholders.
Good understanding of KSA and Middle East regulatory security requirements.

About VaporVM
Saudi, Jeddah
Information Technology and Services