Senior Cybersecurity Lead
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Hams.AI is an AI company building enterprise automation platforms for large organizations across Saudi Arabia and the region.
Key Skills for This Role
Full Job Posting
Overview
Company description
Hams.AI is an AI company building enterprise automation platforms for large organizations across Saudi Arabia and the region.
We work with organizations in government, healthcare, insurance, telecom, financial services, energy, and other regulated sectors where cybersecurity, privacy, reliability, operational control, and regulatory compliance are critical.
Through our Unified Communication Platform and Agentic Platform, Hams.AI helps enterprises automate customer interactions, internal workflows, service processes, and data-driven decisions across multiple channels and systems.
Our platform is hosted entirely within Saudi Arabia and is designed for real operational environments that require accuracy, speed, integration readiness, security awareness, and measurable business impact at scale.
As Hams.AI continues to grow and onboard more regulated enterprise and government clients, we are looking for a Cybersecurity & Compliance Lead to own our security and regulatory program end-to-end.
About The Role
We’re seeking a Cybersecurity & Compliance Lead who will be the single point of accountability for cybersecurity and regulatory compliance at Hams.AI.
This role reports directly to the CTO and will own the company’s cybersecurity governance, regulatory compliance, client security engagements, audit readiness, privacy program, incident response, and security awareness initiatives.
This is a high-ownership role for someone who understands Saudi regulatory requirements, enterprise security expectations, and how to operationalize cybersecurity controls in a fast-growing AI company.
What you will own
1.
Own the NCA compliance program, maintain alignment with the applicable NCA cybersecurity frameworks, including ECC, CCC, and DCC, and lead the path to formal NCA audit certification.
2.
Own the PDPL program, act as the company’s privacy lead under the Saudi Personal Data Protection Law, Royal Decree M/19, as amended by M/148, and maintain the Personal Data Protection Policy, RoPA, sub-processor list, and DPIA support.
3.
Own the security policy set, including Information Security Policy, Acceptable Use, Access Control, Change Management, Incident Response, Vulnerability Management, Backup and Recovery, and HR security procedures.
4.
Own the Personal Data Breach Notification Procedure, run tabletop exercises, lead live incident response, and fulfill the twenty-four-hour Controller notification commitment.
5.
Own client cybersecurity engagements, including responding to client risk assessments, NCA controls mappings, security questionnaires, and DPIAs, and representing Hams.AI in client security reviews.
6.
Lead the independent third-party audit program, engage external auditors for penetration testing and NCA-aligned audits, track findings to closure, and report to the CTO and clients.
7.
Own the security awareness program, including onboarding security orientation, phishing simulations, ongoing training records, and role-specific training for engineering, DevOps, and AI teams.
8.
Own the cybersecurity supervisory committee, establish and run the formal committee, and document its charter, members, minutes, and decisions.
9.
Maintain the risk register, including formal risk methodology, risk register, risk treatment plans, and periodic review.
10.
Lead the JML, Joiner, Mover, Leaver, process for cybersecurity controls, including access provisioning, background screening for privileged roles, and same-day offboarding.
Responsibilities
1.
A meaningful security and compliance foundation is already built.
You will:
2.
Inherit a complete NCA controls mapping covering the applicable frameworks, including ECC, CCC, and DCC.
3.
Inherit the PDPL Compliance Documentation and the Personal Data Breach Notification Procedure, CTO-approved, and operationalize them.
4.
Take ownership of the third-party penetration test program and the cadence of recurring engagements.
5.
Take ownership of the security architecture documentation and ongoing maintenance.
6.
Lead the planned formal NCA-aligned audit and the path to certification.
Build out the cybersecurity team as the company scales, with this role growing into Head of Cybersecurity over time.
Qualifications
- Five or more years of cybersecurity or GRC experience, with at least two years focused on NCA controls, including ECC, CCC, and DCC, or SAMA cybersecurity controls.
- Hands-on experience with PDPL as Data Processor or Data Controller, including DPA negotiation, DPIA, RoPA, and breach notification.
- Demonstrated experience writing and operationalizing security policies, including Information Security Policy, Incident Response Plan, Vulnerability Management Policy, and related policies.
- Demonstrated experience running incident response, including breach notification to regulated entities.
- Demonstrated experience managing third-party penetration testing engagements end-to-end.
- Working knowledge of cloud security on a major cloud provider, including GCP, AWS, or Azure.
- Strong written Arabic and English, as the role faces Saudi regulators and Arabic-speaking client cybersecurity teams, as well as international suppliers and English-speaking technical staff.
- Strongly preferred
- NCA Cybersecurity Professional certifications, such as SCyWF Cybersecurity Defense Specialist, or equivalent international certifications, including CISSP, CISM, CRISC, CISA, ISO 27001 Lead Auditor, or ISO 27001 Lead Implementer.
- Experience as a Data Protection Officer or equivalent privacy lead role.
- Experience with multi-tenant SaaS platforms, including data isolation, sub-processor, and shared-responsibility nuances.
- Experience with telephony or voice security, including SIP, SBC, and RTP, is useful but not required, as we have specialist coverage.
- Experience leading or supporting a SOC 2 Type II or ISO 27001 certification engagement end-to-end.
- Prior experience working with KSA regulators, including SDAIA, NCA, SAMA, or CITC.
- Experience designing security awareness programs, including phishing simulation tools and training platforms.
- Membership in cybersecurity professional bodies.
Why join us?
At Hams.AI, you’ll own a critical function in a fast-growing AI company working with enterprise, government, and regulated-sector clients.
You will lead the security and compliance foundation that enables Hams.AI to scale responsibly, pass enterprise risk assessments, meet Saudi regulatory expectations, and support mission-critical AI automation use cases across the region.
This is a role for someone who wants ownership, direct leadership visibility, and the opportunity to build a cybersecurity function that grows with the company.
Apply here: https://form.asana.com/?k\=6tMk1eDYFT7CjI7v_n3Meg&d\=1210838775195077
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at HAMS.AI | همس
Senior Project Manager
Riyadh, KSA
Hams.AI seeks a Senior Project Manager to lead enterprise AI implementation projects from kickoff to go-live. You will work closely with clients, manage delivery plans, track risks, and coordinate internal teams to ensur
Senior Business Analyst
Riyadh, KSA
Company description Hams.AI is an AI company building enterprise automation platforms for large organizations across Saudi Arabia and the region. We work with organizations in government, healthcare, insurance, telecom,
Senior Accountant
Riyadh, KSA
Senior AI Business Analyst Company Description Hams.AI is an AI company building enterprise automation platforms for large organizations across Saudi Arabia and the region. We work with organizations in government, healt
Senior Back End Developer
Riyadh, KSA
Company Description Hams.AI is an AI company building a full enterprise automation platform, enabling organizations to automate customer interactions, operational tasks, data-driven decisions, and service processes acros
Senior DevOps Engineer
Riyadh, KSA
Company Description Hams.AI is an AI company building a full enterprise automation platform, enabling organizations to automate customer interactions, operational tasks, data-driven decisions, and service processes acros