Senior Cybersecurity Consultant

We are seeking a highly technical and strategic Senior Cybersecurity Consultant to design, build, and lead our overarching Cybersecurity organization. The right candidate will be responsible for structuring the department from the ground up, establishing specialized sub-departments (such as SecOps, GRC, AppSec, and Identity & Access Management), and driving our security posture. The ideal candidate is a builder—someone who can define high-level security strategy and RACI matrices one day, and actively configure security scanning tools in the CI/CD pipeline the next.

Requirements

• Department Leadership & Structuring: Design and formalize the cybersecurity department structure. Define the scope, objectives, and KPIs for all sub-departments (SOC/SecOps, Governance Risk & Compliance (GRC), Application Security, and Infrastructure Security).
• Team Building: Recruit, mentor, and lead a high-performing team of security engineers, analysts, and GRC specialists.
• Hands-on Tool Management: Actively deploy, configure, and manage a suite of cybersecurity tools. Oversee the integration of automated security testing (SAST, DAST, SCA, secret scanning) directly into CI/CD pipelines (e.g., GitLab).
• DevSecOps Championing: Lead hands-on implementation of tools such as SonarQube, Trivy, Gitleaks, and OWASP ZAP to ensure code and infrastructure are secure by design.
• Regulatory & Compliance Alignment: Ensure the organization’s security architecture and policies comply with strict regional financial and cybersecurity frameworks (including NCA, SAMA, CMA, and IA regulations).
• Incident Response & Architecture: Serve as the ultimate escalation point for severe security incidents. Design secure multi-cloud architectures and ensure robust continuous monitoring.

Required Qualifications

• Experience: 8+ years in cybersecurity, with at least 3 years in a leadership or senior consulting role managing multiple security domains.
• Team Formatting: Proven track record of building and structuring security teams or departments from scratch, preferably within the fintech, insurance, or investment platform sectors.
• Technical Proficiency: Deep, hands-on experience with an array of cybersecurity tools spanning DevSecOps, SIEM, EDR, and vulnerability management.
• Cloud Security: Strong background in securing modern cloud infrastructure (AWS, GCP, or OCI) and containerized environments.
• Communication: Ability to translate complex technical risks into business terms for executive leadership.

Preferred Qualifications (A Plus)

• Recognized industry certifications such as CISSP, CISM, CISA, OSCP, or equivalent executive/technical security credentials.
• Previous experience operating within the specific regulatory landscapes of Saudi Arabia and the broader MENA region.

Benefits

• Hybrid work model
• Healthy working environment
• Medical Insurance
• Social Insurance