Chief Information Security Officer (CISO)
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Chief Information Security Officer (CISO)About the Role We are seeking an experienced and strategic Chief Information Security Officer (CISO) to lead the company’s cybersecurity function and ensure the protection of its information assets, systems, cloud infrastructure, and digital services.
Key Skills for This Role
Full Job Posting
About The Role
We are seeking an experienced and strategic Chief Information Security Officer (CISO) to lead the company’s cybersecurity function and ensure the protection of its information assets, systems, cloud infrastructure, and digital services.
The role is responsible for establishing and maintaining a robust cybersecurity framework aligned with the Saudi Central Bank (SAMA) Cyber Security Framework (CSF), National Cybersecurity Authority (NCA) requirements, and industry best practices.
The CISO will oversee cybersecurity governance, risk management, compliance, threat monitoring, incident response, and security awareness initiatives while serving as a trusted advisor to executive management and the Board of Directors.
Key Responsibilitiescybersecurity Strategy & Governance
- Develop, implement, and maintain the company’s cybersecurity strategy, policies, standards, and procedures.
- Ensure cybersecurity governance frameworks are aligned with SAMA CSF, NCA regulations, and industry best practices.
- Establish and maintain cybersecurity architecture to ensure security requirements are embedded across technology solutions and platforms.
- Define and monitor cybersecurity Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
- Provide regular cybersecurity reports and updates to senior management and the Board of Directors.
Cybersecurity Risk Management
- Establish and oversee the cybersecurity risk management framework and processes.
- Conduct periodic cybersecurity risk assessments and ensure mitigation plans are implemented.
- Ensure cybersecurity risks are appropriately identified, assessed, monitored, and reported.
- Maintain information and system classification frameworks to protect data assets according to their criticality and sensitivity.
Security Operations & Incident Management
- Oversee Security Operations Center (SOC) activities, threat monitoring, and vulnerability management programs.
- Lead cybersecurity incident response activities and ensure timely escalation and reporting to regulators when required.
- Gather and analyze cyber threat intelligence to proactively identify and mitigate emerging threats.
- Ensure effective monitoring, detection, and response capabilities are maintained across the organization.
Regulatory Compliance & Assurance
- Ensure compliance with SAMA Cyber Security Framework (CSF), NCA Essential Cybersecurity Controls (ECC), and internal policies.
- Support regulatory audits, cybersecurity assessments, and compliance reviews.
- Act as the primary cybersecurity liaison with regulators and external auditors.
- Ensure timely remediation of audit findings, vulnerabilities, and regulatory observations.
Cloud & Third-Party Security
- Oversee cloud security governance and ensure cloud environments comply with regulatory and security requirements.
- Conduct security reviews and risk assessments of third-party service providers and vendors.
- Ensure outsourcing arrangements and technology providers meet contractual, cybersecurity, and regulatory obligations.
Security Awareness & Leadership
- Lead cybersecurity awareness and training programs across the organization.
- Build, mentor, and manage the cybersecurity team, ensuring appropriate skills development and professional growth.
- Foster a security-first culture throughout the organization.
- Provide strategic cybersecurity guidance to business and technology stakeholders.
Key Competencies
- Strong leadership, governance, and stakeholder management skills.
- Deep understanding of cybersecurity risk management and regulatory compliance.
- Ability to translate complex cybersecurity concepts into business-focused recommendations.
- Excellent analytical, problem-solving, and decision-making capabilities.
- Strong communication and presentation skills.
- Experience managing cybersecurity programs within highly regulated environments.
- Ability to lead incident response and crisis management activities.
Qualifications & Experience
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (Master’s degree preferred).
- 7–10 years of experience in cybersecurity, information security, or technology risk management.
- Minimum 3 years in a cybersecurity leadership or management role.
- Strong knowledge of SAMA Cyber Security Framework (CSF), NCA Essential Cybersecurity Controls (ECC), cloud security, and cybersecurity governance.
- Experience within financial services, fintech, banking, or other regulated sectors is highly preferred.
- Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are highly desirable.
- Excellent communication skills in Arabic and English (written and verbal).
Reporting & Governance
- Reports directly to the Chief Executive Officer (CEO).
- Maintains independent access to the Board of Directors for cybersecurity matters.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career