The Role
Lead design and build of a cybersecurity organization: structure sub-departments (SOC/SecOps, GRC, AppSec, IAM), recruit and mentor teams, deploy and integrate DevSecOps tools into CI/CD, ensure regulatory compliance, design multi-cloud secure architectures, and act as escalation lead for major incidents.
Summary Generated by Built In
We are seeking a highly technical and strategic Senior Cybersecurity Consultant to design, build, and lead our overarching Cybersecurity organization. The right candidate will be responsible for structuring the department from the ground up, establishing specialized sub-departments (such as SecOps, GRC, AppSec, and Identity & Access Management), and driving our security posture. The ideal candidate is a builder—someone who can define high-level security strategy and RACI matrices one day, and actively configure security scanning tools in the CI/CD pipeline the next.
Requirements
- Department Leadership & Structuring: Design and formalize the cybersecurity department structure. Define the scope, objectives, and KPIs for all sub-departments (SOC/SecOps, Governance Risk & Compliance (GRC), Application Security, and Infrastructure Security).
- Team Building: Recruit, mentor, and lead a high-performing team of security engineers, analysts, and GRC specialists.
- Hands-on Tool Management: Actively deploy, configure, and manage a suite of cybersecurity tools. Oversee the integration of automated security testing (SAST, DAST, SCA, secret scanning) directly into CI/CD pipelines (e.g., GitLab).
- DevSecOps Championing: Lead hands-on implementation of tools such as SonarQube, Trivy, Gitleaks, and OWASP ZAP to ensure code and infrastructure are secure by design.
- Regulatory & Compliance Alignment: Ensure the organization’s security architecture and policies comply with strict regional financial and cybersecurity frameworks (including NCA, SAMA, CMA, and IA regulations).
- Incident Response & Architecture: Serve as the ultimate escalation point for severe security incidents. Design secure multi-cloud architectures and ensure robust continuous monitoring.
Required Qualifications
- Experience: 8+ years in cybersecurity, with at least 3 years in a leadership or senior consulting role managing multiple security domains.
- Team Formation: Proven track record of building and structuring security teams or departments from scratch, preferably within the fintech, insurance, or investment platform sectors.
- Technical Proficiency: Deep, hands-on experience with an array of cybersecurity tools spanning DevSecOps, SIEM, EDR, and vulnerability management.
- Cloud Security: Strong background in securing modern cloud infrastructure (AWS, GCP, or OCI) and containerized environments.
- Communication: Ability to translate complex technical risks into business terms for executive leadership.
Preferred Qualifications (A Plus)
- Recognized industry certifications such as CISSP, CISM, CISA, OSCP, or equivalent executive/technical security credentials.
- Previous experience operating within the specific regulatory landscapes of Saudi Arabia and the broader MENA region.
Benefits
- Hybrid work model
- Healthy working environment
- Medical Insurance
- Social Insurance
Skills Required
- 8+ years in cybersecurity with at least 3 years in leadership or senior consulting managing multiple security domains
- Proven track record of building and structuring security teams or departments from scratch, preferably in fintech, insurance, or investment platforms
- Hands-on experience deploying, configuring, and managing DevSecOps tools and integrating SAST, DAST, SCA, and secret scanning into CI/CD (e.g., GitLab)
- Practical experience with SonarQube, Trivy, Gitleaks, OWASP ZAP or equivalent tooling
- Deep experience across SIEM, EDR, and vulnerability management technologies
- Strong background securing cloud infrastructure (AWS, GCP, or OCI) and containerized environments
- Ability to define security strategy, KPIs, RACI matrices, and align architecture with regional financial and cybersecurity regulations (NCA, SAMA, CMA, IA)
- Experience serving as escalation point for severe security incidents and designing continuous monitoring architectures
- Ability to recruit, mentor, and lead security engineers, analysts, and GRC specialists
- Ability to translate complex technical risks into business terms for executive leadership
- CISSP, CISM, CISA, OSCP or equivalent executive/technical security certifications
- Previous experience operating within Saudi Arabia and broader MENA regulatory landscapes
The Company
What We Do
A software house focusing on financial technology






