Cybersecurity Risk & Architecture Lead

Sifi

Key Responsibilities Risk Management

• Lead the cyber risk assessment process, ensuring identification, evaluation, and treatment risks in line with SAMA CSF Maturity Level 3.
• Own and maintain the cybersecurity risk register with clear risk ownership and treatment tracking.
• Conduct a multi-tier risk assessment that includes people, process, and technology.
• Conduct risk assessments for new products, SaaS platforms, infrastructure, and third-party engagements.
• Perform vendor/outsourcing risk assessments in compliance with SAMA and NCA regulations.
• Integrate risk-based decision-making into product, business, and technology initiatives.

Cybersecurity Architecture

• Define and maintain the enterprise security architecture blueprint, covering cloud infrastructure, microservices, APIs, SaaS platforms, and endpoints.
• Review and validate technical designs and deployments to ensure compliance with security requirements and regulatory standards.
• Establish reference architectures and technical standards (IAM, encryption, secure APIs, network segmentation, cloud workloads).
• Promote security by design practices across product and technology teams.
• Ensure architectural compliance with SAMA CSF, PCI DSS, PDPL, NDMO, and NCA ECC/DCC Metrics, KPIs & KRIs.
• Develop and track cybersecurity KPIs and KRIs to measure the effectiveness of risk management and architecture controls.
• Provide metrics-driven insights to support CISO decision-making and continuous improvement of controls.
• Support maturity assessments and reporting to demonstrate progress toward SAMA CSF Level 3+.

Requirements

• Minimum 8-10 years of experience in cybersecurity with proven expertise in risk management and security architecture.
• Experience in financial services or fintech, preferably in a SAMA regulated environment.
• Strong knowledge of SAMA CSF domains: Risk Management, Cybersecurity Architecture, Third Party Management, Compliance.
• Expertise in cloud security, SaaS environments, APIs, and modern fintech architectures.
• Familiarity with regulatory and industry standards: SAMA CSF, NCA ECC/DCC, PDPL, NDMO, PCI DSS, ISO 27001, NIST.
• Preferred certifications: CISSP, CISM, CRISC, ISO 27001 LI/LA.