93 Security Governance jobs in Saudi Arabia

Summary

We are seeking to hire a proactive, security-focused Information Security Engineer to join our IT team. The Information Security Engineer will be responsible for designing, implementing, and maintaining security systems to safeguard company data. The ideal candidate will have strong experience in network security systems, threat analysis, incident response, along with a solid understanding of security frameworks and excellent problem-solving skills.

Responsibilities:

• Design, develop, and maintain network and security systems.
• Identify the latest technologies and processes to enhance overall system security performance.
• Analyze network performance and plan network and security system capacity and scalability, along with all related technologies.
• Protect email and network infrastructure from phishing attacks and social engineering threats.
• Configure and activate firewalls within the company's network.
• Supervise the development and performance evaluation of networks and related systems and establish performance measurement methods.
• Conduct system testing, identify security vulnerabilities, and develop appropriate solutions.
• Investigate intrusion and security breach incidents, gather incident response data, and perform digital forensic procedures.
• Develop and periodically update security policies.
• Assist in leading periodic reviews and evaluations of software and network design issues, ensuring network integrity, efficient information flow, scalability, cost optimization, and alignment with business needs.
• Provide technical support and respond to new user requests, as well as analyze and resolve network-related problems.
• Supervise and lead network system upgrades or expansion projects, including hardware and software installation, conducting integration tests, and coordinating with all relevant parties.
• Provide security monitoring and analysis reports.
• Supervise, lead, and monitor the performance of other network engineers, foster teamwork, and provide them with the necessary support.

Qualifications:

• Bachelor's degree in information security, Computer Science, or a related field.
• Minimum of 3 years of experience.
• Strong knowledge of security protocols, network security, risk management.
• Experience in real estate industry is a plus.
• Professional certifications are a plus.

Technical/Soft Skills:

• Protect email and network from phishing attacks.
• Work with devices such as Sophos, FortiGate, and other similar security systems.
• Supervise and lead the development and production of related documentation, such as system installation and configuration documents, network topology design and planning documents, and documentation of network issues and security system reports.
• Strong analytical skills to identify security vulnerabilities and implement effective solutions.

We are thrilled to announce an opportunity for a skilled Information Security Engineer to join our team and play a role in enhancing our security measures by utilizing your abilities and deep knowledge of information security methodologies. Paying attention to details and efficiently solving problems will be crucial in ensuring the safety of Tabby's systems.

The role you will be involved in both operations and important implementation projects contributing to the growth and maintenance of our technology infrastructure. If you have a passion for cybersecurity, possess technical skills and aspire to make a significant impact we strongly encourage you to apply and become an essential part of our dedicated cybersecurity team.

• Cloud Security: Have a good understanding of cloud services such as Google Cloud
• Provide (GCP), Terraform, CI-CD Security, Kubernetes Security,Gitlab, Product security features and fixes.
• Penetration Testing: Perform Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for Web, Mobile, and API applications. Plan and conduct Infrastructure Vulnerability Assessment and Penetration Testing of systems,
  
  switches, servers, and more.
• End-Point Protection: Exhibit expertise in planning, implementing, and managing enterprise-level Anti-Virus (AV) solutions to safeguard against malware, viruses, and other malicious threats.
• Infrastructure Security: Review the complete corporate IT infrastructure's security, including network security controls, anti-malware implementation, Cloud Security posture.
• Management (CPM), Data Loss Prevention (DLP), firewall rulesets, backup and disaster
  
  recovery, and vulnerability management processes.
• Project Management: Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigation.Work with DevOps and other teams to implement and improve security controls and/or processes.
• Security Awareness: Experience in conducting phishing simulations and other awareness exercises to evaluate employee susceptibility to social engineering and provide targeted training to enhance resilience.
• Security Monitoring: Automation and improvement of Incident Response procedures, playbook creation to reduce manual effort of responding to typical cyber incidents along with monitoring of threats and vulnerabilities or conducts regular threat intelligence.
• Research and develop detection rules utilizing an array of tools.

• Degree in Information Technology, Computer Science, Software Engineering, or related field
• Knowledge of Information Technology security issues and approaches to manage
• Information Technology security with a fast paced Fintech environment.
• Security Qualification Good to have: CEH, CompTia Security, etc
• Excellent communication, influencing and stakeholder management skills
• 2-3 Experience of working across teams to deliver solutions and generate high levels of
• internal buy-in
• Experience of developing and delivering training.
• Experience of working in a culturally diverse environment
• Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
• Programming and scripting understanding (Bash, Python etc.)
• Good Cloud experience with and appreciation of AWS, GCP & OCI.

Tabby creates financial freedom in the way people shop, earn and save, by reshaping their relationship with money.

The company's flagship offering allows shoppers to split their payments online and in-store with no interest or fees. Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.

Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest rated, most reviewed, largest and fastest growing app of any fintech in the GCC region.

Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.

Location

Jeddah, Saudi Arabia

Experience

4

Job Type

Recruitment

Job Description

• The responsibility of this role is to oversee and ensure the establishment of a cybersecurity and IT risk management program across the client, and to act as the focal point for cybersecurity and IT risk governance activities.
• Responsible for the design, management and review of Client's cybersecurity and IT risk management policies, standards, and baselines to ensure secure operation of Client information & systems.
• Conduct both network and user activity audits where required to determine security needs.
• Providing guidance and required training on matters relating to cybersecurity, ensuring the implementation of necessary actions to adhere to applicable laws/regulations, standards, and guidelines.

Responsibilities -

Network Administration and Security

• Manage protection of information systems, the detection of threats to Client's systems, and the response to detected threats and cyber-attacks.
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects system by defining access privileges, control structures, and resources.

Performance Monitoring-

• Manage and Troubleshoot network systems issues and submit recommendations for improvements in network operation and management.
• Plan for disaster recovery and create contingency plans in the event of any security breaches
• Engage in and manage 'ethical hacking', for example, simulating security breaches
• Identify potential weaknesses and implement measures, such as firewalls and encryption

Vendor Management-

• Coordinate with vendors to expedite the resolution of problems.
• Evaluate vendor solutions to ensure compliance with requirements and cost effectiveness.

Service Management-

• Act as an escalation point for all requests and incidents related to the network.
• Follow up on issues and provide subject matter expertise support for diagnosing and resolving problems.

Firewall Management (On-Premise and Cloud)-

• Oversee configuration, monitoring, and maintenance of on-premises and cloud-based firewalls, ensuring they are optimized to prevent unauthorized access and detect potential threats.
• Define and implement firewall rules and policies, including access controls, to secure network traffic according to organizational and compliance standards.
• Conduct regular audits and vulnerability assessments on firewalls to identify and mitigate any potential security weaknesses.
• Collaborate with network and system teams to troubleshoot and resolve firewall-related issues while minimizing downtime and disruption.

Cloud Security Management (Defender for Cloud)-

• Configure, manage, and optimize Microsoft Defender for Cloud settings to enhance security posture across cloud resources, including VMs, databases, and storage accounts.
• Develop and enforce security policies within Defender for Cloud to monitor and mitigate risks associated with cloud infrastructure, applications, and data.

Network Security-

• Design, implement, and maintain secure network architecture, incorporating firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation strategies.
• Conduct network traffic analysis and continuous monitoring to identify anomalies or suspicious activities that may indicate potential security threats.

Threat Monitoring and Incident Response-

• Implement and oversee threat monitoring processes using security information and event management (SIEM) systems, integrating data from firewalls, Defender for Cloud, and network devices.
• Develop and execute incident response protocols for network, firewall, and cloud security incidents, minimizing impact through quick containment, analysis, and remediation.
• Perform post-incident analysis and reporting to identify root causes, improve firewall configurations, and update security policies as needed.

Compliance and Documentation-

• Ensure firewall, network, and cloud security policies comply with relevant regulations and industry standards (e.g., NIST, ISO
• Maintain documentation for all security configurations, procedures, and policies to facilitate audits and enhance knowledge sharing across IT teams.
• Conduct regular security assessments, risk analyses, and penetration tests on cloud and onpremises systems to verify compliance and mitigate vulnerabilities.

Service Level Agreements (SLA)-

• Monitor production, outputs, and services to ensure that SLAs, and other quality metrics, are being met.
• Developing SLAs.

Education and Experience -

• A bachelor's degree in IT and a master's degree is desirable, Min 4 years of experience
• Advanced certifications such as SANS GIAC/GCIA/GCIH and/or SIEM-specific training and certification
• Relevant certifications are an advantage (such as IAM Level I Security+ CE, CAP, CND, Cloud+, CSLC, CEH, CISM, CISSP, CASP, CCNA-Security)
• DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)

Firewall and Network Security-

• Certifications like Checkpoint Certified Security Administrator (CCSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE) show expertise in managing and configuring

firewall systems.

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), which provide a comprehensive understanding of security management

practices.

Network Security:

• CompTIA Network+ or Cisco Certified CyberOps Associate for foundational and advanced knowledge in networking security principles and operations.

Competencies

• Firewall Management: Proficiency with firewall technologies and platforms (e.g., Cisco ASA, Palo Alto, Checkpoint) for setting up, configuring, and maintaining firewalls on both on-premises and cloud platforms.
• Cloud Security Expertise: In-depth understanding of cloud environments, especially

Microsoft Azure, to manage and secure cloud services, implement Defender for Cloud policies, and perform risk assessments.

• Networking Knowledge: Strong grasp of network protocols, segmentation, VPNs, IDS/IPS, and secure configuration of network devices.
• Security Monitoring and Incident Response: Proficiency in using SIEM tools (e.g., Splunk,

Microsoft Sentinel for monitoring, alerting, and responding to cybersecurity incidents across firewall and cloud environments.

• Risk Assessment and Compliance: Ability to assess risk in IT systems and ensure compliance with standards like NIST, ISO 27001, and PCI DSS.

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
As an Information Security GRC Specialist at NTT DATA, your role will be to ensure that our clients' security infrastructures and systems remain operational. With a proactive approach, you'll monitor, identify, investigate, and resolve technical incidents and problems, restoring service efficiently. Your primary objective will be to handle client requests or tickets with technical expertise, ensuring they are resolved within the agreed service level agreement (SLA).

You'll actively manage work queues, perform operational tasks, and update tickets with resolution actions. By identifying issues and errors early on, you'll log incidents promptly and provide second-level support, communicating effectively with other teams and clients to extend support when needed. Your role includes executing changes responsibly, flagging risks and mitigation plans, and ensuring all changes have proper approvals.

Collaborative efforts are at the heart of this role. You'll work closely with automation teams to optimize efforts and automate routine tasks, ensuring seamless handovers during shift changes. Your analytical skills will be key in auditing incident and request tickets for quality, recommending improvements, and contributing to trend analysis reports to identify automation opportunities.

As a go-to for initial client escalations, you'll assist L1 Security Engineers with triage and troubleshooting, and support project work when required. Your contributions to the change management process will ensure thorough documentation, effective planning and execution of maintenance activities, and compliance with standard procedures.

To thrive in this role, you need to have:

• Experience with managed services handling security infrastructure and working knowledge of ticketing tools, preferably ServiceNow.
• Proficiency in active listening, with techniques like paraphrasing and probing for further information.
• Excellent planning skills, able to anticipate and adjust to changing circumstances.
• Strong ability to communicate and engage across different cultures and social groups.
• Adaptability to changing conditions and flexibility in approach.
• Client-focused mindset, always putting their needs and positive experience first.
• A positive outlook and the ability to work well under pressure.
• Willingness to put in longer hours when necessary.
• Bachelor's degree or equivalent qualification in IT/Computing, or relevant work experience.

Workplace type:
On-site Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an

email address. If you suspect any fraudulent activity, please
contact us
.

Department:
InfoSec GRC

Employment Type:
Full Time

Location:
KSA

Reporting To:
Weam Munshi

Description
Reporting directly to the Head of Information Security, you will play a pivotal role in safeguarding Tweeq's information assets, managing risks, and driving the implementation of robust security frameworks in compliance with SAMA's guidelines.

Key Responsibilities

Compliance and Governance:

• Ensure adherence to SAMA requirements and standards.
• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Monitor compliance with internal security policies and external regulatory requirements.

Risk Management:

• Conduct risk assessments and vulnerability analyses to identify and mitigate security threats.
• Develop and implement risk management strategies and controls.
• Monitor and report on the effectiveness of security measures.

Security Operations:

• Oversee the implementation and management of security tools and technologies.
• Coordinate with IT and other departments to ensure robust security measures are in place.
• Manage incident response and investigation processes.

Training and Awareness:

• Develop and deliver security awareness training programs.
• Promote a culture of security awareness within the organization.

Project Involvement:

• Participate in projects, including the onboarding and implementation of new systems, such as GRC tools.
• Attend workshops and contribute to the integration of security requirements into new projects.

Reporting and Documentation:

• Prepare regular reports on the status of information security programs.
• Maintain documentation related to security policies, procedures, and incidents.

Skills, Knowledge & Expertise

• Proven experience in information security.
• Strong knowledge of SAMA requirements and standards.
• Experience with governance, risk management, and compliance (GRC) tools such as Archer and Cyber Arrow is preferred.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work in a fast-paced, dynamic environment.
• Passionate about learning and career development.

We at CYBER are looking for an exceptional Chief Information Security Officer (CISO) to join our leadership team.

This is a
full-time
leadership role offering occasional flexibility but requiring a strong on-site and executive presence to drive security strategy across the organization.

As CISO, you will design, implement, and oversee a world-class cybersecurity strategy to protect our organization's data, systems, and reputation. You will lead a skilled team of cybersecurity professionals and work cross-functionally to embed security best practices across all business operations.

Key Responsibilities

Develop, implement, and maintain a comprehensive information security strategy aligned with business goals and regulatory requirements.

Lead, mentor, and grow a high-performing information security team; ensure continuous development of team capabilities.

Conduct enterprise-wide risk assessments; identify, assess, and prioritize security risks, and develop mitigation strategies.

Define, implement, and monitor security controls, processes, and policies across infrastructure, applications, and data.

Lead the response and investigation of security incidents, ensuring timely remediation and reporting.

Report regularly to executive leadership and the Board on security posture, KPIs, and risk landscape.

Champion security awareness across the organization; lead regular training and simulation exercises.

Stay ahead of evolving cyber threats, regulatory requirements, and industry trends; continuously improve the security program.

Collaborate with all business units, IT, legal, compliance, and third parties to ensure security is integrated across all operations.

Represent the organization at external cybersecurity forums, industry groups, and with regulators.

Requirements

Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field.

15+ years of experience in information security, with at least 5 years in a senior leadership role.

Professional certifications such as CISSP, CISM, CISA, CCISO, ISO 27001 Lead Implementer / Auditor.

In-depth knowledge of security frameworks and standards: ISO/IEC 27001, NIST, SAMA CSF, NCA ECC, GDPR, etc.

Excellent leadership, communication, and stakeholder management skills – capable of communicating technical topics to non-technical audiences.

Strong experience in security governance, risk management, compliance (GRC), cloud security, incident response, threat intelligence, and vulnerability management.

Proven ability to work effectively in full-time executive roles, collaborating across multi-disciplinary and geographically distributed teams.

Fluent in English; proficiency in additional languages is a plus.

Why Join Us?

Full-time executive role with meaningful leadership influence.

Work with cutting-edge technologies and top-tier cybersecurity experts.

Lead initiatives that directly shape the security posture of a fast-growing organization.

Competitive compensation package, medical insurance, and professional development opportunities.

Be part of a forward-thinking, innovation-driven culture with global impact.

IT Service Delivery

Job Purpose
The Senior Information Security Specialist is responsible for supporting the organization's computers, networks, and data against threats, such as security breaches, computer viruses, or attacks by cyber-criminals. This entry-level role requires foundational knowledge and experience in the field of information security.

Key Responsibilities

• Mentor junior information security specialists.
• Engineer integrations between IT systems and the SIEM.
• Manage security system posture through configuration checks.
• Support in developing and implementing security policies: Assist in creating protocols aimed at securing data and information systems.
• Assist in monitoring for security breaches within the Security Operations Center (SOC).
• Regularly monitor the organization's networks and systems for security breaches or intrusions under the guidance of senior team members.
• Incident response support: Assist in incident response activities and support a technical and forensic investigation into how the breach happened and the extent of the damage.
• Manage the Email Security Gateway.
• Work with the network team on administering network firewall rules.
• Respond to data loss prevention events.
• Monitor threat intelligence events and respond to indicators of compromise.
• Security risk assessment and mitigation: Conduct regular audits to ensure that systems are being protected as planned and to identify any weaknesses that might make information systems vulnerable to attack.
• Training and awareness: Assist in developing security standards, best practices, and systems requirements; support in training the workforce on information security through awareness campaigns and educational programs.
• Stay current on IT security trends and news: Continually update the cybersecurity strategy to leverage new technology and threat information.

Job Requirements

Education

• Bachelor of Science in Computer Science, Cyber Security, or a related field.
• Certified in Information Security (CompTIA Security+) or in progress.
• Preferred: Offensive Security Certified Professional (OSCP) certification.
• Preferred: PMI PMP certification.
• Preferred: ISO27001 certification.
• Preferred: ITIL v3+ Foundation certification.

Experience

• 5 years of business experience.
• 2+ years of Cyber Security experience.

At J-B, we're entering an exciting phase of growth — one that blends our strong market position with bold expansion into new opportunities across the financial ecosystem. As our business continues to evolve, digital trust and cybersecurity resilience have never been more central to how we operate and deliver value.

We're looking for a
Chief Information Security Officer
who sees cybersecurity not just as protection, but as a business enabler — someone who can partner with leadership to shape strategy, embed sensible controls, and build a culture of proactive risk management.

The ideal leader will:

• Bring proven experience in financial services or technology sectors.

• Demonstrate exceptional stakeholder management and influence across business and technology domains.

• Be solution-oriented, able to balance innovation with responsible governance.

• Possess strong strategic thinking and modeling capabilities to align cybersecurity with growth ambitions.

• Lead through collaboration, confidence, and clarity — especially in fast-moving environments.

At J-B, we want cybersecurity to be a signature strength — part of our leadership DNA and a key differentiator in how we operate and grow.

If you're a forward-thinking cybersecurity leader ready to make a real impact in a company that values agility, empowerment, and excellence — I'd be glad to connect.

We are looking for an Information Security Engineer L2 to strengthen our cybersecurity team. If you have the skills and experience, we welcome your application

Requirements:

• Bachelor's degree in computer science or related field
• Minimum of 5 years of experience in cybersecurity
• eJPT Certified
• CCNA Certified
• Additional industry certifications such as CISSP, CISA, and CEH are a plus
• Hands-on experience with security technologies including IAM, PAM, Mail Security, Antivirus, Advanced Threat Protection, SSL, VPN, NAC, WAF, and more
• Strong problem-solving and analytical skills
• Excellent communication skills and ability to work within a team
• Ability to work independently with minimal supervision

Responsibilities:

• Manage, maintain, and upgrade Identity and Access Management (IAM) systems, performing all operational tasks according to best practices to ensure system availability and regular updates
• Manage, maintain, develop, and upgrade server permissions and PAM systems, performing all operational tasks according to best practices to ensure system availability and regular updates
• Conduct regular and on-demand security scans and assessments on systems