CISO
- The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
- This role is critical and must oversee the Security of both Information Technology and Operational Technology.
- This leader will ensure compliance with the National Cybersecurity Authority (NCA) regulations and align security initiatives with Saudi Vision 2030 digital transformation goals.
Key Responsibilities:
Strategy & Governance
- Develop and implement a comprehensive cybersecurity strategy that aligns with the operational goals and safety standards.
- NCA Compliance: Ensure full compliance with the Saudi National Cybersecurity Authority (NCA) regulations, specifically the Essential Cybersecurity Controls (ECC) and Critical Systems Cybersecurity Controls (CSCC).
- Develop and enforce security policies, standards, and procedures for both corporate and industrial networks.
- Report the state of cybersecurity directly to the Board of Directors and Executive Committee.
IT/OT Convergence & Critical Infrastructure Protection
- OT Security: Oversee the protection of Industrial Control Systems (ICS), signaling systems (e.g., ERTMS/ETCS), and rolling stock operational data.
- Bridge the gap between IT and Engineering/Operations teams to ensure a unified security posture.
- Conduct regular threat modeling for critical infrastructure to prevent cyber-physical attacks.
Risk Management & Incident Response
- Manage the Cyber Security Operations Center (CSOC) and ensure 24/7 monitoring of threats.
- Lead the Incident Response Team (IRT) in the event of a breach, minimizing operational downtime and reputational damage.
- Conduct regular vulnerability assessments and penetration testing on booking systems, mobile apps, and control networks.
Data Privacy & Vendor Management
- Ensure compliance with the Saudi Personal Data Protection Law (PDPL) regarding passenger and employee data.
- Oversee Third-Party Risk Management (TPRM), ensuring that supply chain partners (locomotive manufacturers, signaling vendors, maintenance providers) meet security standards.
Required:
- Minimum 10 years of experience in Information Security, with at least 4 years in a leadership role (CISO, Head of Security, etc.).
- Experience in Critical Infrastructure sectors.
- Proven experience managing OT/ICS security environments (SCADA, PLC security).
- Any 2 certifications: CISSP, CISM, CISA or GICSP (Global Industrial Cyber Security Professional).
- Deep understanding of NCA frameworks (ECC, CSCC, DCC).
- Strong understanding of Cloud Security (Azure/AWS) and IoT security.
- The ideal candidate must possess deep knowledge of Saudi National Cybersecurity Authority (NCA) regulations, specifically ECC and CSCC standards.
- Due to the critical nature of the role, Saudi Nationals are strongly preferred in alignment with Vision 2030 and Nitaqat requirements.
About the job
Contract Type: Perm
Specialism: Information Technology
Focus: Cyber Security
Industry: IT
Salary: AED48969.78 - AED53866.76 per month
Workplace Type: On-site
Experience Level: Executive
Location: Jeddah
Job Reference: 51JDBA-F64138E6
Date posted: 2 July 2026
Consultant: Arlene Porazo