About the Client We are sourcing on behalf of a General Engineering Company (GEC) that has been delivering comprehensive project management, design, and consultancy services since 1989. They offer full-spectrum services including hospitality consultancy, feasibility studies, architecture, interior design, electromechanical systems, and turnkey project delivery. With extensive international experience, they have successfully completed diverse projects across hospitality, residential, commercial, and master planning sectors.
About the Role This Cybersecuity and Technology Assurance Expert position is designed for an experienced professional with a strong background in technology assurance and deep familiarity with Saudi Arabian cybersecurity regulations, particularly the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC). The role is suited for a mid-to-senior level expert who has previously worked in Saudi Arabia and possesses hands-on experience in implementing, auditing, and maintaining compliance with local cybersecurity frameworks. The position is critical in safeguarding organizational information systems, ensuring regulatory compliance, and providing assurance services that align with both international best practices and Saudi-specific requirements.
Key Responsibilities Conduct comprehensive risk assessments and vulnerability analyses of information systems, with a focus on compliance with Saudi NCA ECC and related regulatory frameworks. Develop, implement, and continuously improve cybersecurity policies, procedures, and controls to meet both organizational and Saudi regulatory standards. Lead technology assurance initiatives, including the design and execution of security audits, gap analyses, and remediation plans tailored to the Saudi regulatory environment. Monitor, evaluate, and report on the effectiveness of security controls, ensuring ongoing alignment with NCA ECC and other relevant Saudi cybersecurity mandates. Provide expert guidance and training to internal teams on cybersecurity best practices, regulatory requirements, and incident response protocols specific to the Saudi context. Collaborate with IT, compliance, and business units to ensure seamless integration of security measures across all technology platforms and services. Prepare detailed documentation and evidence for regulatory audits, and liaise with external auditors and Saudi regulatory bodies as required. Stay abreast of evolving cybersecurity threats, technologies, and regulatory changes within Saudi Arabia, proactively updating assurance strategies and controls. Respond to and manage security incidents, coordinating investigations and implementing corrective actions in accordance with NCA ECC guidelines. Support the development and execution of business continuity and disaster recovery plans, ensuring alignment with both organizational needs and Saudi regulatory expectations.
Required Experience & Skills Demonstrated expertise in cybersecurity, with a minimum of 5 years of experience in information security roles, including direct work in Saudi Arabia. In-depth knowledge of Saudi cybersecurity regulations, particularly the NCA Essential Cybersecurity Controls (ECC), and proven experience implementing and maintaining compliance. Strong background in technology assurance services, including security audits, risk assessments, and compliance reviews within regulated environments. Proficiency in identifying, analyzing, and mitigating security vulnerabilities across diverse IT infrastructures. Experience preparing for and supporting external audits, including the collection and presentation of compliance evidence to regulatory authorities. Advanced understanding of security frameworks such as ISO 27001, NIST, and their integration with Saudi-specific requirements. Excellent communication skills, with the ability to convey complex security concepts and regulatory requirements to both technical and non-technical stakeholders. Strong analytical and problem-solving abilities, with a proactive approach to identifying and addressing emerging threats and compliance gaps. Familiarity with incident response planning, business continuity, and disaster recovery processes in regulated environments. Ability to work collaboratively in multicultural teams and adapt to dynamic regulatory landscapes.
Qualifications Bachelor’s degree or higher in Computer Science, Information Security, Information Technology, or a related field. Professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. Documented experience working in Saudi Arabia with direct exposure to NCA ECC and other local cybersecurity regulations. Proven track record in technology assurance and regulatory compliance within the cybersecurity domain. Fluency in English; proficiency in Arabic is an advantage but not mandatory.
Tools & Technologies Security Information and Event Management (SIEM) platforms (e.g., Splunk, IBM QRadar, Arc Sight) Vulnerability assessment and penetration testing tools (e.g., Nessus, Qualys, Metasploit) Governance, Risk, and Compliance (GRC) tools (e.g., RSA Archer, Service Now GRC) Endpoint protection and monitoring solutions (e.g., Crowd Strike, Symantec, McAfee) Network security appliances (e.g., firewalls, IDS/IPS, VPNs) Cloud security platforms (e.g., AWS Security Hub, Azure Security Center) Documentation and audit management tools (e.g., Confluence, Share Point) Familiarity with regulatory reporting and compliance management systems
This role offers the opportunity to make a significant impact on the security and regulatory posture. The position provides exposure to advanced cybersecurity practices, regulatory compliance, and technology assurance in a rapidly evolving digital landscape. Professionals in this role will contribute directly to the protection of critical information assets and the achievement of regulatory excellence.
By applying to this position, you are granting us permission to process your CV and keep your profile on file for consideration for this and future opportunities.
