Cyber Security Specialist

About us: Soar is a global fintech startup that specializes in financing and investment. Currently headquartered in Saudi Arabia, Soar is growing throughout the region with a mission to help people achieve their financial goals with innovative financial and property investment solutions and tools through its multi-purpose platform, designed to offer a simple and seamless user experience.

We are seeking a dynamic Cybersecurity Specialist to be a foundational member of our organization’s cybersecurity program, with a strong focus on Governance, Risk, and Compliance (GRC). This individual will be responsible for ensuring adherence to regulatory mandates by conducting comprehensive cybersecurity risk assessments, performing robust third‑party security evaluations, and executing detailed gap assessments against our current controls. The role will work closely with the GRC Head, providing critical support by tracking and monitoring all compliance checks, remediation tasks, and implementation projects. The ideal candidate will help the organization achieve and maintain alignment with key regulatory requirements and standards within KSA, specifically the SAMA Cybersecurity Framework and the Personal Data Protection Law (PDPL).

• Ensure the effective implementation and operationalization of established cybersecurity governance policies, standards, and frameworks.
• Conduct continuous monitoring to validate organization‑wide adherence to established cybersecurity policies and procedures.
• Develop and deliver periodic reports to the CISO and GRC head detailing key governance metrics and compliance status.
• Execute comprehensive cybersecurity risk assessments to systematically identify, analyze, and evaluate organizational vulnerabilities and threats.
• Collaborate with cross‑functional stakeholders to facilitate risk prioritization and oversee the implementation of corresponding mitigation strategies.
• Manage and ensure the continuous maintenance, accuracy, and currency of the organization’s cybersecurity risk register.
• Validate organizational compliance with all applicable legal and regulatory requirements within the Kingdom of Saudi Arabia, including, but not limited to SAMA, PDPL, and the NCA.

• Bachelor’s degree in computer science or a related quantitative field.
• A professional certification is strongly preferred.
• Minimum of 5 years of experience in Cybersecurity Governance Risk and Compliance (GRC) within the financial services sector.
• Experience in a Fintech or a digitally focused environment is highly advantageous.
• Deep, practical experience in implementing cybersecurity controls, including risk management, policy implementation, and KPI/KRI monitoring.
• Solid understanding of SAMA’s requirements and expectations regarding the Cybersecurity Framework (CSF).
• Excellent verbal and written communication skills in English to effectively liaise with technical teams, senior management, and the CISO.