95 Cyber Risk jobs in Saudi Arabia

About the Company:

Riyadh Air (RX), headquartered in the Saudi Capital, is the new national airline that's shaping the future of flying. It seeks to lead the aviation industry by transforming Saudi Arabia into a global aviation and trade hub – a digitally native airline that will connect the kingdom to more than 100 destinations.

About the Role:

Are you an experienced cybersecurity leader with expertise in cyber fraud risk management?

In this role, you will establish and lead Riyadh Air's Cyber Fraud Prevention and Detection unit, developing and executing a comprehensive strategy that safeguards the airline and its customers against cyber fraud across digital platforms and business operations.

You will be responsible for building and managing a team of specialists, overseeing cyber fraud detection systems, conducting in depth investigations, and ensuring compliance with national and international regulations. Working closely with cross functional teams, you will play a key role in strengthening Riyadh Air's resilience against evolving threats.

This position will also require close collaboration with legal, compliance, and financial teams to ensure alignment with KSA regulatory frameworks, including PDPL, GACA, and CMA requirements.

As a senior leader, you will deliver regular insights and reports to senior management, guiding strategic decision making and building organizational readiness.

This is an opportunity to make a significant impact by protecting one of the world's most ambitious airlines from complex cyber fraud risks.

About You:

You will be degree qualified, with at least 10 years of professional experience in cybersecurity and a minimum of 3–5 years in senior management.

Expertise in cyber fraud risk management, fraud technologies, investigations, and data analytics is essential.

A bachelor's degree in business, Finance, or Computer Science is required. Professional certifications such as CISA, CFE, or CORP will be a advantage.

We are looking for a leader who has strong analytical skills, excellent communication, and the ability to collaborate with diverse stakeholders. You should have experience in building teams from the ground up, designing secure solutions, and driving innovation in fraud prevention.

This is a full-time, onsite role in Riyadh on a 12-month fixed-term contract.

When you work for us, you commit to a career at one of the largest and most prestigious professional services firms in the world. Looking for a rewarding career? Take a closer look at Deloitte & Touche ME. You'll understand that Deloitte is a Tier 1 Tax advisor in the GCC region since 2010 (according to the International Tax Review World Tax Rankings). It has received numerous awards in the last few years which include Best Employer in the Middle East, best consulting firm, and the Middle East Training & Development Excellence Award by the Institute of Chartered Accountants in England and Wales (ICAEW).

A career in Risk Advisory is all about the challenge of helping our clients manage risk and uncertainty, from the boardroom to the network. The spectrum of risk is broad, and our core competencies encompass control assurance, internal audit, corporate governance consulting, risk management, regulatory consulting, and IT security services. To be a Risk Advisory professional with Deloitte & Touche Middle East means you will gain a wealth of experience across a wide spectrum of industries. Diversity is not just a part of the business landscape in the region but also an integral part of Deloitte & Touche Middle East. Just as we are committed to seeing our clients excel, we are committed to providing you with the right environment to learn and grow and to tailor a career to your needs.

Our Purpose

Deloitte makes an impact that matters. Every day we challenge ourselves to do what matters most—for clients, for our people, and for society. We serve clients distinctively, bringing innovative insights, solving complex challenges, and unlocking sustainable growth. We inspire our talented professionals to deliver outstanding value to clients, providing an exceptional career experience and an inclusive and collaborative culture. We contribute to society, building confidence and trust in the markets, upholding the integrity of organizations, and supporting our communities.

Our shared values guide the way we behave to make a positive, enduring impact:

• Lead the way
• Serve with integrity
• Take care of each other
• Foster inclusion
• Collaborate for measurable impact

Scan the QR code or click on the below link to complete your assessment and then click on apply

Link: Bryq assessment

About the Role

We are seeking a highly experienced
Cybersecurity Manager
with a proven track record in
Governance, Risk & Compliance (GRC)
,
Network Security
, and
Infrastructure Security
. The ideal candidate will have extensive experience working with
System Integrators
, driving complex security projects, and ensuring robust cybersecurity frameworks across enterprise environments.

Key Responsibilities

• Lead and manage cybersecurity initiatives focusing on
  GRC, Network, and Infrastructure security domains
  .
• Design, implement, and oversee cybersecurity strategies and frameworks in line with international standards and regulatory requirements.
• Work closely with clients, stakeholders, and technology teams to deliver end-to-end security solutions.
• Ensure security compliance across critical systems, networks, and infrastructures.
• Drive risk assessments, audits, and remediation strategies.
• Provide leadership, mentorship, and guidance to security teams.

Requirements

• Minimum
  15 years of experience
  in cybersecurity with a strong managerial background.
• Expertise in
  Governance, Risk & Compliance (GRC)
  ,
  Network Security
  , and
  Infrastructure Security
  .
• Proven
  System Integrator experience
  in delivering large-scale cybersecurity projects.
• Strong domain knowledge in
  Airlines, Transport, or Tourism sectors
  (preferred).
• Excellent communication skills in
  Arabic and English
  .
• Relevant certifications (CISSP, CISM, CISA, ISO 27001 Lead Implementer, etc.) are highly desirable.

Summary

We are seeking to hire a proactive, security-focused Information Security Engineer to join our IT team. The Information Security Engineer will be responsible for designing, implementing, and maintaining security systems to safeguard company data. The ideal candidate will have strong experience in network security systems, threat analysis, incident response, along with a solid understanding of security frameworks and excellent problem-solving skills.

Responsibilities:

• Design, develop, and maintain network and security systems.
• Identify the latest technologies and processes to enhance overall system security performance.
• Analyze network performance and plan network and security system capacity and scalability, along with all related technologies.
• Protect email and network infrastructure from phishing attacks and social engineering threats.
• Configure and activate firewalls within the company's network.
• Supervise the development and performance evaluation of networks and related systems and establish performance measurement methods.
• Conduct system testing, identify security vulnerabilities, and develop appropriate solutions.
• Investigate intrusion and security breach incidents, gather incident response data, and perform digital forensic procedures.
• Develop and periodically update security policies.
• Assist in leading periodic reviews and evaluations of software and network design issues, ensuring network integrity, efficient information flow, scalability, cost optimization, and alignment with business needs.
• Provide technical support and respond to new user requests, as well as analyze and resolve network-related problems.
• Supervise and lead network system upgrades or expansion projects, including hardware and software installation, conducting integration tests, and coordinating with all relevant parties.
• Provide security monitoring and analysis reports.
• Supervise, lead, and monitor the performance of other network engineers, foster teamwork, and provide them with the necessary support.

Qualifications:

• Bachelor's degree in information security, Computer Science, or a related field.
• Minimum of 3 years of experience.
• Strong knowledge of security protocols, network security, risk management.
• Experience in real estate industry is a plus.
• Professional certifications are a plus.

Technical/Soft Skills:

• Protect email and network from phishing attacks.
• Work with devices such as Sophos, FortiGate, and other similar security systems.
• Supervise and lead the development and production of related documentation, such as system installation and configuration documents, network topology design and planning documents, and documentation of network issues and security system reports.
• Strong analytical skills to identify security vulnerabilities and implement effective solutions.

We are thrilled to announce an opportunity for a skilled Information Security Engineer to join our team and play a role in enhancing our security measures by utilizing your abilities and deep knowledge of information security methodologies. Paying attention to details and efficiently solving problems will be crucial in ensuring the safety of Tabby's systems.

The role you will be involved in both operations and important implementation projects contributing to the growth and maintenance of our technology infrastructure. If you have a passion for cybersecurity, possess technical skills and aspire to make a significant impact we strongly encourage you to apply and become an essential part of our dedicated cybersecurity team.

• Cloud Security: Have a good understanding of cloud services such as Google Cloud
• Provide (GCP), Terraform, CI-CD Security, Kubernetes Security,Gitlab, Product security features and fixes.
• Penetration Testing: Perform Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for Web, Mobile, and API applications. Plan and conduct Infrastructure Vulnerability Assessment and Penetration Testing of systems,
  
  switches, servers, and more.
• End-Point Protection: Exhibit expertise in planning, implementing, and managing enterprise-level Anti-Virus (AV) solutions to safeguard against malware, viruses, and other malicious threats.
• Infrastructure Security: Review the complete corporate IT infrastructure's security, including network security controls, anti-malware implementation, Cloud Security posture.
• Management (CPM), Data Loss Prevention (DLP), firewall rulesets, backup and disaster
  
  recovery, and vulnerability management processes.
• Project Management: Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigation.Work with DevOps and other teams to implement and improve security controls and/or processes.
• Security Awareness: Experience in conducting phishing simulations and other awareness exercises to evaluate employee susceptibility to social engineering and provide targeted training to enhance resilience.
• Security Monitoring: Automation and improvement of Incident Response procedures, playbook creation to reduce manual effort of responding to typical cyber incidents along with monitoring of threats and vulnerabilities or conducts regular threat intelligence.
• Research and develop detection rules utilizing an array of tools.

• Degree in Information Technology, Computer Science, Software Engineering, or related field
• Knowledge of Information Technology security issues and approaches to manage
• Information Technology security with a fast paced Fintech environment.
• Security Qualification Good to have: CEH, CompTia Security, etc
• Excellent communication, influencing and stakeholder management skills
• 2-3 Experience of working across teams to deliver solutions and generate high levels of
• internal buy-in
• Experience of developing and delivering training.
• Experience of working in a culturally diverse environment
• Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
• Programming and scripting understanding (Bash, Python etc.)
• Good Cloud experience with and appreciation of AWS, GCP & OCI.

Tabby creates financial freedom in the way people shop, earn and save, by reshaping their relationship with money.

The company's flagship offering allows shoppers to split their payments online and in-store with no interest or fees. Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.

Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest rated, most reviewed, largest and fastest growing app of any fintech in the GCC region.

Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.

Location

Jeddah, Saudi Arabia

Experience

4

Job Type

Recruitment

Job Description

• The responsibility of this role is to oversee and ensure the establishment of a cybersecurity and IT risk management program across the client, and to act as the focal point for cybersecurity and IT risk governance activities.
• Responsible for the design, management and review of Client's cybersecurity and IT risk management policies, standards, and baselines to ensure secure operation of Client information & systems.
• Conduct both network and user activity audits where required to determine security needs.
• Providing guidance and required training on matters relating to cybersecurity, ensuring the implementation of necessary actions to adhere to applicable laws/regulations, standards, and guidelines.

Responsibilities -

Network Administration and Security

• Manage protection of information systems, the detection of threats to Client's systems, and the response to detected threats and cyber-attacks.
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects system by defining access privileges, control structures, and resources.

Performance Monitoring-

• Manage and Troubleshoot network systems issues and submit recommendations for improvements in network operation and management.
• Plan for disaster recovery and create contingency plans in the event of any security breaches
• Engage in and manage 'ethical hacking', for example, simulating security breaches
• Identify potential weaknesses and implement measures, such as firewalls and encryption

Vendor Management-

• Coordinate with vendors to expedite the resolution of problems.
• Evaluate vendor solutions to ensure compliance with requirements and cost effectiveness.

Service Management-

• Act as an escalation point for all requests and incidents related to the network.
• Follow up on issues and provide subject matter expertise support for diagnosing and resolving problems.

Firewall Management (On-Premise and Cloud)-

• Oversee configuration, monitoring, and maintenance of on-premises and cloud-based firewalls, ensuring they are optimized to prevent unauthorized access and detect potential threats.
• Define and implement firewall rules and policies, including access controls, to secure network traffic according to organizational and compliance standards.
• Conduct regular audits and vulnerability assessments on firewalls to identify and mitigate any potential security weaknesses.
• Collaborate with network and system teams to troubleshoot and resolve firewall-related issues while minimizing downtime and disruption.

Cloud Security Management (Defender for Cloud)-

• Configure, manage, and optimize Microsoft Defender for Cloud settings to enhance security posture across cloud resources, including VMs, databases, and storage accounts.
• Develop and enforce security policies within Defender for Cloud to monitor and mitigate risks associated with cloud infrastructure, applications, and data.

Network Security-

• Design, implement, and maintain secure network architecture, incorporating firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation strategies.
• Conduct network traffic analysis and continuous monitoring to identify anomalies or suspicious activities that may indicate potential security threats.

Threat Monitoring and Incident Response-

• Implement and oversee threat monitoring processes using security information and event management (SIEM) systems, integrating data from firewalls, Defender for Cloud, and network devices.
• Develop and execute incident response protocols for network, firewall, and cloud security incidents, minimizing impact through quick containment, analysis, and remediation.
• Perform post-incident analysis and reporting to identify root causes, improve firewall configurations, and update security policies as needed.

Compliance and Documentation-

• Ensure firewall, network, and cloud security policies comply with relevant regulations and industry standards (e.g., NIST, ISO
• Maintain documentation for all security configurations, procedures, and policies to facilitate audits and enhance knowledge sharing across IT teams.
• Conduct regular security assessments, risk analyses, and penetration tests on cloud and onpremises systems to verify compliance and mitigate vulnerabilities.

Service Level Agreements (SLA)-

• Monitor production, outputs, and services to ensure that SLAs, and other quality metrics, are being met.
• Developing SLAs.

Education and Experience -

• A bachelor's degree in IT and a master's degree is desirable, Min 4 years of experience
• Advanced certifications such as SANS GIAC/GCIA/GCIH and/or SIEM-specific training and certification
• Relevant certifications are an advantage (such as IAM Level I Security+ CE, CAP, CND, Cloud+, CSLC, CEH, CISM, CISSP, CASP, CCNA-Security)
• DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)

Firewall and Network Security-

• Certifications like Checkpoint Certified Security Administrator (CCSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE) show expertise in managing and configuring

firewall systems.

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), which provide a comprehensive understanding of security management

practices.

Network Security:

• CompTIA Network+ or Cisco Certified CyberOps Associate for foundational and advanced knowledge in networking security principles and operations.

Competencies

• Firewall Management: Proficiency with firewall technologies and platforms (e.g., Cisco ASA, Palo Alto, Checkpoint) for setting up, configuring, and maintaining firewalls on both on-premises and cloud platforms.
• Cloud Security Expertise: In-depth understanding of cloud environments, especially

Microsoft Azure, to manage and secure cloud services, implement Defender for Cloud policies, and perform risk assessments.

• Networking Knowledge: Strong grasp of network protocols, segmentation, VPNs, IDS/IPS, and secure configuration of network devices.
• Security Monitoring and Incident Response: Proficiency in using SIEM tools (e.g., Splunk,

Microsoft Sentinel for monitoring, alerting, and responding to cybersecurity incidents across firewall and cloud environments.

• Risk Assessment and Compliance: Ability to assess risk in IT systems and ensure compliance with standards like NIST, ISO 27001, and PCI DSS.

The IBM security consulting team provides customized solutions for our clients, not point solutions or basic product installation. The Managing Consultant will work with our clients to understand their specific business issues, both internally and externally and provide solutions to solve specific business issues for our clients. They will be able to look at our client’s issues and work with other senior IBM consultants to provide guidance on a systematic approach to solve these within our client’s budget and timeframe.

The Managing Consultants will provide subject matter expertise in the form of workshops, and consulting engagements, which assess a client’s security capabilities, which could be in the policy, process, technology or organizational areas, identify gaps and recommend cost effective best practices to reduce client risk and increase their handle on security risk. Having hands on implementation experience is a requirement of this position as well as deep technical knowledge of Security Governance tools. The Senior Consultant will assist in pre-sales, sales, closure, and then organizing the delivery of security consulting services with local teams.

Your role and responsibilities include working with clients to understand their specific business issues and providing solutions to solve these issues. The Managing Consultant will provide subject matter expertise in the form of workshops and consulting engagements to assess a client’s security capabilities and recommend cost-effective best practices.

Bachelor's Degree is required. Required technical and professional expertise includes security domain skills, core consulting skills, and preferred technical and professional experience.

• Security Domain Skills: knowledge across multiple platforms, processes, or architectures, security consulting skills, and the ability to act as a trusted client advisor and a trusted technical lead for the team.
• Core Consulting Skills: strong communication and presentation skills, the ability to lead large groups and be a primary facilitator and lead, comfortable working in a project-based/client-serving model, ability to lead and shape client expectations, help drive pursuits and engage in complex deals, and ability to work easily with diverse and dynamic teams.
• Preferred Technical and Professional Experience: at least 5 years relevant consulting experience in Cyber Strategy and Risk domain, security consulting experience across multiple client verticals.

IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law.

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
As an Information Security GRC Specialist at NTT DATA, your role will be to ensure that our clients' security infrastructures and systems remain operational. With a proactive approach, you'll monitor, identify, investigate, and resolve technical incidents and problems, restoring service efficiently. Your primary objective will be to handle client requests or tickets with technical expertise, ensuring they are resolved within the agreed service level agreement (SLA).

You'll actively manage work queues, perform operational tasks, and update tickets with resolution actions. By identifying issues and errors early on, you'll log incidents promptly and provide second-level support, communicating effectively with other teams and clients to extend support when needed. Your role includes executing changes responsibly, flagging risks and mitigation plans, and ensuring all changes have proper approvals.

Collaborative efforts are at the heart of this role. You'll work closely with automation teams to optimize efforts and automate routine tasks, ensuring seamless handovers during shift changes. Your analytical skills will be key in auditing incident and request tickets for quality, recommending improvements, and contributing to trend analysis reports to identify automation opportunities.

As a go-to for initial client escalations, you'll assist L1 Security Engineers with triage and troubleshooting, and support project work when required. Your contributions to the change management process will ensure thorough documentation, effective planning and execution of maintenance activities, and compliance with standard procedures.

To thrive in this role, you need to have:

• Experience with managed services handling security infrastructure and working knowledge of ticketing tools, preferably ServiceNow.
• Proficiency in active listening, with techniques like paraphrasing and probing for further information.
• Excellent planning skills, able to anticipate and adjust to changing circumstances.
• Strong ability to communicate and engage across different cultures and social groups.
• Adaptability to changing conditions and flexibility in approach.
• Client-focused mindset, always putting their needs and positive experience first.
• A positive outlook and the ability to work well under pressure.
• Willingness to put in longer hours when necessary.
• Bachelor's degree or equivalent qualification in IT/Computing, or relevant work experience.

Workplace type:
On-site Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an

email address. If you suspect any fraudulent activity, please
contact us
.