Country Information Security Officer, Saudi National

Job SummaryThe Country Information Security Officer (CISO) for Saudi Arabia is a senior leadership position requiring a sophisticated blend of business insight and technical expertise in Information and Cyber Security (ICS). This role is critical in steering the strategic direction and operational management of ICs risks to safeguard the organisation’s assets, ensure compliance with regulatory frameworks, and reduce exposure to cyber threats. Reporting directly to the Cluster CISO for MENAP and maintaining a matrix reporting relationship with the CEO and Head of Coverage for the Saudi Branch, this role commands a comprehensive view of ICs across all business lines within the country.The successful candidate will drive the adoption and full implementation of the ICs Risk Type Framework (RTF), aligning local practices with global standards to deliver consistent risk management outcomes. The role demands hands‑on involvement in risk assessment, continuous monitoring, control validation, and risk mitigation activities, ensuring that the Saudi branch meets both internal policies and external regulatory requirements while minimising disruption to client services. This leader will cultivate strong relationships with internal stakeholders across technology, compliance, and business units, as well as with external partners including regulators and auditors.Strategically, the CISO will develop and execute a detailed plan to enhance the ICs posture in Saudi Arabia by deploying control measures that address identified risks, leveraging both qualitative and quantitative data. The role includes oversight of digital footprint discovery, risk assessments, and embedding risk treatment plans that drive measurable improvements in ICs capabilities. Through proactive leadership, the incumbent will champion a culture of security awareness, accountability, and continuous enhancement to reinforce the resilience of the bank’s operations against evolving cyber threats.Key ResponsibilitiesBusiness Leadership and Stakeholder EngagementProvide authoritative leadership and direction on ICs risk management within the Saudi branch, fostering collaboration and alignment among key stakeholders, including CTOs, CIOs, security teams, and regulatory bodies.Champion the implementation and operationalisation of the ICs Risk Framework, working closely with management teams to identify critical information assets, perform comprehensive risk assessments, and prioritise mitigation efforts.Utilise both qualitative insights and quantitative metrics to validate the effectiveness of controls, accelerate risk evaluation processes, and maintain accurate risk profiles that inform strategic decision‑making.Deliver timely and insightful reports on ICs risk status, mitigation progress, and emerging threats to country and regional governance forums, ensuring transparency and informed oversight.Ensure seamless integration of security requirements within technology planning forums and influence the development of security technology road‑maps to address current and future risk landscapes.Lead the creation and execution of risk treatment plans in partnership with business and technology functions, balancing strategic priorities with operational constraints and navigating dependencies to achieve effective remediation.Coordinate cyber incident response planning and crisis management exercises, maintaining up‑to‑date playbooks, recovery strategies, and contingency measures to bolster organisational readiness.Drive security awareness initiatives targeted at senior leadership and staff, promoting a culture of risk accountability and resilience across the organisation.Manage responses to audit and regulatory inquiries pertaining to ICs strategies, controls, and compliance, ensuring timely and accurate resolution of issues.Maintain proactive engagement with local regulatory authorities, such as the Saudi Central Bank, to address submissions, advisory requests, and conduct assessments that align the organisation’s ICs posture with regulatory expectations.Support cross‑functional ICs initiatives including those related to capital market entities within Saudi Arabia, enhancing cohesive security practices across business units.Office‑based role located in Riyadh, Saudi Arabia with a full‑time schedule, underpinning close collaboration with internal and external stakeholders within the region.This is a critical strategic leadership role that demands a proactive, hands‑on approach to information security risk management and regulatory compliance in the Saudi financial services landscape.The Chief Information Security Officer for Saudi Arabia will anchor the organisation's efforts to mitigate cyber and information risks while ensuring alignment with global and regional standards. The role mandates a comprehensive understanding of market‑specific regulatory environments, particularly the directives issued by Saudi regulators such as SAMA and NCA, to maintain strong compliance a