Security Engineer

• Lead the cyber risk assessment process, ensuring identification, evaluation, and treatment risks in line with SAMA CSF Maturity Level 3.
• Own and maintain the cybersecurity risk register with clear risk ownership and treatment tracking.
• Conduct a multi-tier risk assessment that includes people, process, and technology.
• Conduct risk assessments for new products, SaaS platforms, infrastructure, and third-party engagements.
• Perform vendor/outsourcing risk assessments in compliance with SAMA and NCA regulations.
• Integrate risk-based decision-making into product, business, and technology initiatives.
• Define and maintain the enterprise security architecture blueprint, covering cloud infrastructure, microservices, APIs, SaaS platforms, and endpoints.
• Review and validate technical designs and deployments to ensure compliance with security requirements and regulatory standards.
• Establish reference architectures and technical standards (IAM, encryption, secure APIs, network segmentation, cloud workloads).
• Promote security by design practices across product and technology teams.
• Ensure architectural compliance with SAMA CSF, PCI DSS, PDPL, NDMO, and NCA ECC/DCC.
• Develop and track cybersecurity KPIs and KRIs to measure the effectiveness of risk management and architecture controls.
• Provide metrics-driven insights to support CISO decision-making and continuous improvement of controls.
• Support maturity assessments and reporting to demonstrate progress toward SAMA CSF Level 3+.

Cybersecurity Risk & Architecture Lead

Cybersecurity Lead – Architect