Security Compliance Officer

Job Description:

Security Compliance Officer – Banking Sector (Saudi Arabia)

Job Summary:

We are seeking a detail-oriented and experienced Security Compliance Officer to oversee and manage regulatory compliance activities for a major banking client in Saudi Arabia. The primary responsibility is to ensure full alignment with the Kingdom's cybersecurity regulations, especially those issued by the Saudi Arabian Monetary Authority (SAMA) and the National Cybersecurity Authority (NCA). This role is critical to maintaining the bank’s compliance posture, supporting audits, and driving remediation efforts across security operations.

Key Responsibilities:

• Act as the primary compliance liaison between the bank’s security function and regulatory bodies such as SAMA and NCA.

  
  

• Monitor and interpret all applicable regulatory and cybersecurity requirements (e.g., SAMA Cybersecurity Framework, NCA ECC, NCA CSF) and ensure alignment across security operations.

  
  

• Maintain and regularly update the compliance control matrix, ensuring that all controls are implemented, monitored, and documented.

  
  

• Coordinate internal compliance reviews, audits, and gap assessments to identify non-conformities or improvement areas.

  
  

• Support the development and periodic review of policies, procedures, and standards in line with regulatory updates and best practices.

  
  

• Track and report compliance status and risks to the Security Delivery Lead and bank stakeholders.

  
  

• Facilitate timely submission of mandatory reports, audit evidence, and self-assessments to SAMA or NCA.

  
  

• Assist in awareness and training sessions to educate technical and business stakeholders on compliance responsibilities.

  
  

• Work collaboratively with engineering teams to ensure regulatory compliance is considered in solution designs and operational processes.

  
  

• Drive remediation plans and ensure timely closure of audit findings or compliance gaps.

  
  

Required Qualifications:

• Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or a related field.

  
  

• Minimum of 5–7 years of experience in cybersecurity or information security compliance, preferably in the financial or banking sector.

  
  

• In-depth knowledge of SAMA Cybersecurity Framework, NCA Essential Cybersecurity Controls (ECC), and other relevant KSA regulatory frameworks.

  
  

• Experience preparing for and responding to external audits and assessments.

  
  

• Strong documentation and report writing skills in English; Arabic language proficiency is an added advantage.

  
  

Desired Skills and Certifications:

• Professional certifications such as CRISC, CISA, ISO 27001 Lead Auditor/Implementer, or CISSP.

  
  

• Familiarity with ISO 27001, NIST CSF, and other international frameworks.

  
  

• Strong analytical and problem-solving skills with the ability to interpret complex regulatory texts.

  
  

• Effective communication and interpersonal skills, with experience engaging senior stakeholders and auditors.

  
  

• Experience working with compliance tools or GRC platforms is a plus.

  
  

Working Conditions:

• Location: On-site at client premises in Saudi Arabia.

  
  

• Working Hours: Sunday to Thursday, full-time.

  
  

• Must be available for internal and external audits, including preparation and on-site support.

  
  

• Occasional travel within the Kingdom may be required.

  
  

• Must comply with client-specific background checks and clearance procedures.

  
  

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf.More information on employment scams is availablehere.