Information and Security Manager

Hub71 Ltd

Riyadh

On-site

SAR 150,000 - 210,000

Full time

Today

Job summary

A leading financial services firm in Saudi Arabia is seeking an experienced Information Security Leader to own and shape the cyber security strategy within a regulated environment. This role requires proven expertise in implementing SAMA's Cyber Security Framework and leading security initiatives. The successful candidate will engage with regulators and executive committees, oversee cyber operations, and champion a security-first culture. This position offers direct access to the Board and a unique chance to build a lasting security legacy.

Benefits

Direct access to the Board and CEO
Regulatory visibility with SAMA
High-impact role in financial services

Qualifications

  • Experience conducting NIST maturity assessments is a plus.
  • Experience with incident response and digital forensics.
  • Background in open banking, financial services, or payments.

Responsibilities

  • Own and execute the Information Security Strategy aligned with SAMA.
  • Act as primary cybersecurity liaison with SAMA.
  • Oversee cyber security operations and incident management.
  • Deliver risk-based cyber security solutions across all areas.

Skills

Experience in SAMA-regulated financial institutions
Hands-on experience with SAMA Cyber Security Framework
Senior information security leadership
Implementing ISO 27001/27002 controls
Ownership of security risk management
Designing preventive and detective controls
Understanding of enterprise IT environments

Tools

JIRA
Confluence
Office 365
Job Description

This role is open to Saudi nationals only, in line with regulatory and Saudization requirements.

This is a critical leadership role at the heart of a regulated financial services organisation operating under SAMA oversight. You will own the information security agenda end‑to‑end, shape the cyber security strategy, and act as the key interface with regulators, the Board, and senior leadership.

If you’re looking for a role with real authority, regulatory visibility, and the chance to build and mature a security function, this is a rare opportunity.

What you'll be doing:
Security Strategy & Governance
  • Own and execute the Information Security Strategy in full alignment with the SAMA Cyber Security Framework (CSF).
  • Lead the implementation, maintenance, and continuous improvement of SAMA CSF controls across the organisation.
  • Establish, maintain, and evolve information security policies, standards, and procedures, ensuring Board approval and enterprise‑wide adoption.
  • Define and track security KPIs and KRIs, providing clear insight into risk posture and control effectiveness.
Board, Regulator & Executive Engagement
  • Act as the primary cybersecurity liaison with SAMA and other relevant regulators.
  • Provide regular, structured updates to the Board and Information Security Committee on security posture, risks, incidents, and strategic initiatives.
  • Support regulatory examinations, audits, and due‑diligence activities with confidence and credibility.
Cyber Operations & Incident Management
  • Oversee day‑to‑day cyber security operations, including SOC monitoring and compliance monitoring.
  • Lead the investigation, response, and recovery for security incidents, ensuring clear communication to senior leadership and the Board.
  • Own and continuously improve the incident response and recovery programme, including tabletop exercises and simulations.
Risk, Threat & Control Management
  • Deliver risk‑based cyber security solutions across people, process, and technology.
  • Gather and analyse threat intelligence from internal and external sources to proactively manage emerging risks.
  • Conduct regular risk assessments, gap analyses, and maturity reviews (including NIST‑based assessments).
  • Maintain and evolve the organisation’s ISO 27001‑certified Information Security Management System (ISMS), including audits and continuous improvement.
Third‑Party & Stakeholder Assurance
  • Lead security and cyber due‑diligence with clients, partners, third parties, and regulators.
  • Demonstrate the maturity and effectiveness of security controls through clear documentation, evidence, and governance.
Security Culture & Awareness
  • Champion a security‑first culture across the organisation.
  • Deliver engaging security awareness initiatives, phishing simulations, and training programmes.
  • Embed security into day‑to‑day decision‑making, not just compliance checklists.
Data Protection & Privacy
  • Advocate for data privacy by design.
  • Perform data mapping and risk assessments to implement strong data protection controls.
  • Ensure alignment with applicable data protection laws and regulatory requirements.
Requirements

Essential experience

  • Proven experience in SAMA‑regulated financial institutions.
  • Hands‑on experience implementing and operating the SAMA Cyber Security Framework.
  • Strong background in senior information security or cyber security leadership roles.
  • Experience implementing and maintaining ISO 27001/27002 controls and leading audits.
  • Demonstrated ownership of security risk management plans, including actions, timelines, and reporting.
  • Experience designing and operating preventive, detective, and corrective security controls.
  • Strong understanding of enterprise IT environments, including:
    • Endpoint and vulnerability management
    • Network and infrastructure security
    • Operating systems
    • Public cloud environments (AWS and/or OCI)

Nice to have / strong advantage

  • Experience conducting NIST maturity assessments.
  • Experience with incident response, digital forensics, and major security incidents.
  • Background in open banking, financial services, payments, or fintech.
  • Experience working within cloud‑first or API‑driven environments.
  • Familiarity with project and collaboration tools (JIRA, Confluence, Lucidchart, Office 365).
Benefits
  • Direct access to the Board and CEO.
  • Regulatory visibility with SAMA.
  • Genuine authority to set strategy, not just enforce controls.
  • Opportunity to build, mature, and leave a lasting security legacy.
  • High‑impact role in a regulated, fast‑evolving financial environment.