Cybersecurity and Compliance Executive – Saudi National

Company Description

Tahalufis rewriting the events playbook. Its purpose is transformational, its DNA digital, and its ambition unprecedented. Over the next 12 months Tahaluf will scale to further increase its lead as the largest B2B Live and On Demand Events organiser in Saudi Arabia: by SQM, Attendance, Colleagues and Revenue.

To scale at this pace requires impeccable local partners, and Tahaluf is proud to enjoy the support and partnership of several Gov and Non Gov Organisations that are at the apex of Saudi’s B2B and B2C large scale events scene. In fact, our partners don’t just support the expansion of live events in the Kingdom; they’re also the partner of choice for heavyweights like Apple, Amazon and AliBaba.

Be part of something BIG!

Building on the success of record-breaking tech eventLEAP, which grew to be the world’s largest tech event globally in terms of attendee numbers in just its second edition, and award-winning cyber-security eventBlack Hat, Tahaluf is bringing iconic Informa brands to the Kingdom of Saudi Arabia, includingCPHI,Cityscape Global,which celebrated record-breaking participation at its debut Saudi edition in October.

Be part of an ambitious and highly committed team, who aren’t afraid to push boundaries and disrupt the status quo. Be ready to be thrown in at the deep end, taking on large-scale projects from day one, under the guidance of a supportive leadership team who will encourage your personal development and offer you new opportunities.

We are building awe-inspiring experiences. We are launching award-winning brands. And we are scaling faster than any event organiser in history. Take a leap with Tahaluf, we are offering you the chance to: • Work within a highly dynamic business with the energy and style of a start-up • Be part of building a business that is launching new products and events at scale • Grab an opportunity to accelerate your career and make a real impact

As our Cybersecurity & Compliance Executive, you will own the design, implementation, and continuous improvement of our security and compliance programs across all digital platforms. You’ll translate KSA-specific regulations (NCA, SAMA, PDPL) into actionable policies, partner with Tech teams to embed security controls and ensure every event and system launch meets the highest standards of data protection, risk management, and regulatory adherence.

Key Responsibilities

Regulatory Compliance

• Lead PDPL data-privacy readiness; coordinate with Legal for approvals.

• Help maintain documentation for PDPL, SAMA CSF, and NCA control checklists.

• Manage compliance with SAMA Cybersecurity Framework, NCA controls, and CITC guidelines.

• Prepare and share required security reports for each event with the Saudi National Cybersecurity Authority (NCA).

• Maintain audit trails and evidence packs to demonstrate compliance with internal and external audits, NCA and other regulatory controls.

Vulnerability and Risk Management

• Run scheduled vulnerability assessments across all digital platforms (web, mobile, API).

• Work closely with platform owners, development, and ops teams to prioritize, track, and verify remediation of identified findings.

Security Operations & Incident Response

• Oversee daily Security Information and Event Management monitoring, triage alerts, and threat intelligence feeds.

• Develop, test, and execute Incident Response Plans (IRP) and run tabletop exercises.

• Coordinate breach investigations and post-incident reports.

Technical Architecture & Controls

• Advise on secure network, cloud (AWS/Azure), and identity architectures.

• Specify, deploy, and tune security tools: firewalls, IDS/IPS, DLP, EDR, vulnerability scanners.

Policy & Process Maintenance

• Create and Update necessary policy documents and SOPs.

Vendor & Tool Coordination

• Liaise with platform and tool providers to schedule maintenance windows or updates.

• Verify delivery of agreed security reporting (e.g., monthly vulnerability reports).

Training & Awareness

• Build and deliver security awareness and phishing-simulation programs for all employees and event staff.

• Measure program effectiveness and iterate to drive cultural lift.

Reporting & Stakeholder Management

• Produce monthly dashboards on security posture, compliance status, and incident metrics for leadership.

• Liaise with internal teams (Tech, Legal, Operations) and external vendors to ensure consistent security integration.

Bachelor’s degree in Information Security, Computer Science, or related discipline.

Experience

• 3-5 years of experience in cybersecurity roles, with a minimum of 2 years of closely operating within the Saudi regulatory environment.

• Deep knowledge of SAMA CSF, NCA controls, PDPL requirements, and KSA data privacy laws.

• Basic project coordination skills and the ability to manage multiple tasks while maintaining attention to detail.

• Comfortable adapting to a fast-paced environment and adjusting to changing priorities.

• Good communication and interpersonal skills, able to work effectively with cross functional teams.

• Familiarity with project management tools and experience with event tech platforms is a plus.

• Experience working in the events and/or media industry is a plus

What you will get

• Medical Insurance for individual and family
• Annual leave – 25 days
• Remote working on Sundays
• Working anywhere – 1 month every year
• Wellbeing Benefits

Local Relocation Package*:

• Paid flight to Riyadh – individual and family (up to a max of three children)
• 30 days accommodation or suitable serviced apartment from arrival date or a one-off payment of SAR 5,000
• Up to SAR 2,500 reimbursement of shipping goods/excess baggage costs

*If eligible

We don't just accept difference, we celebrate it. We welcome applicants from all backgrounds and circumstances and base hiring decisions on relevant qualifications and merit. We are proud to provide a disability-friendly environment. If you require any support or adjustments to participate in our interview or selection processes, please let us know.