
Tap Payments
Head, Cybersecurity
- Permanent
- Riyadh, Saudi Arabia
- Experience 5 - 10 yrs
Job expiry date: 09/04/2026
Job overview
Date posted
23/02/2026
Location
Riyadh, Saudi Arabia
Salary
SAR 30,000 - 40,000 per month
Compensation
Comprehensive package
Experience
5 - 10 yrs
Seniority
Senior Manager
Qualification
Bachelor's degree
Expiration date
09/04/2026
Job description
The Head of Cybersecurity is a senior leadership role responsible for establishing, executing, and continuously enhancing the organization's cybersecurity risk management program to safeguard technology systems, digital assets, and sensitive data. Based in Riyadh, this role oversees the development and maintenance of enterprise-wide information security strategies aligned with business objectives and regulatory requirements within the payments and financial services sector. The Head of Cybersecurity leads the design and implementation of governance frameworks, security policies, vendor risk programs, compliance initiatives, and performance metrics to ensure robust cyber resilience. The position requires deep expertise in regulatory standards such as PCI DSS, NIST, ISO/IEC 27001, SAMA Cybersecurity Framework, and other global compliance mandates relevant to fintech and payments ecosystems. Acting as a strategic partner to executive leadership, the role involves translating complex cyber risks into clear, business-focused insights while ensuring proactive risk mitigation, incident response preparedness, and continuous monitoring. The Head of Cybersecurity also coordinates cross-functional efforts across technology, product, risk, and compliance teams to embed security-by-design principles into all systems and initiatives. This position demands strong technical depth, governance expertise, leadership capability, and the ability to operate within high-growth, highly regulated financial environments.
Required skills
Key responsibilities
- Develop and maintain the organization's comprehensive cybersecurity strategy, ensuring alignment with enterprise objectives and regulatory requirements.
- Establish and oversee enterprise-wide cybersecurity risk management programs, including governance, risk assessments, compliance monitoring, and executive reporting.
- Lead the design, implementation, and continuous improvement of security policies, procedures, and standards in accordance with regulatory frameworks such as PCI DSS, NIST, ISO/IEC 27001, SAMA, NCA, and COBIT.
- Coordinate and chair Cybersecurity Steering Committee activities, ensuring documented decisions, implementation tracking, and compliance oversight.
- Manage vendor and third-party risk programs, including security due diligence, ongoing monitoring, and compliance validation.
- Oversee regulatory audits, internal audits, and security assessments, ensuring timely remediation of findings and continuous compliance.
- Lead vulnerability management, penetration testing, intrusion detection, and threat monitoring initiatives to proactively mitigate security risks.
- Develop and maintain cybersecurity metrics, KPIs, KRIs, and executive dashboards to provide clear visibility into the organization's cyber risk posture.
- Embed security-by-design principles across technology projects and change initiatives to identify and remediate security gaps early in development lifecycles.
- Collaborate closely with product, engineering, and business leaders to align security strategies with evolving market and operational needs.
- Drive security awareness and training programs to cultivate a strong cybersecurity culture across the organization.
- Lead and develop cybersecurity teams, ensuring operational excellence, skill advancement, and high performance.
- Present cybersecurity risks, mitigation strategies, and compliance updates to executive leadership and non-technical stakeholders.
- Ensure incident response, business continuity, and disaster recovery frameworks are robust, tested, and continuously improved.
- Stay current with evolving global cybersecurity threats, regulatory updates, and emerging technologies to maintain proactive defense capabilities.
Experience & skills
- 6–8+ years of experience leading cybersecurity or related functions within financial services, fintech, or regulated environments.
- Bachelor's degree in Engineering, Computer Science, or a related technical discipline.
- Professional certifications such as CISSP, CISM, CISA, OSCP, CEH, or equivalent are strongly preferred.
- Extensive experience managing large or distributed cybersecurity teams with global exposure.
- Deep knowledge of regulatory and industry frameworks including PCI DSS, SOX 404, GLBA, NIST, ISO standards, FFIEC, SSAE, and related compliance regimes.
- Hands-on experience developing security policies, implementing GRC platforms, and managing enterprise risk frameworks.
- Proven ability to lead complex, multi-faceted technology and compliance initiatives in high-growth environments.
- Strong technical understanding of cybersecurity tools, platforms, protocols, and infrastructure protection mechanisms.
- Demonstrated experience presenting cybersecurity risks and strategies to executive and non-technical stakeholders.
- Strong stakeholder management skills with the ability to build effective partnerships across product, technology, and business teams.
- High level of familiarity with complex global information security infrastructures and threat landscapes.
- Excellent written and verbal communication skills in English; Arabic proficiency is an advantage.
- Ability to operate strategically while maintaining operational oversight in a fast-paced fintech environment.
- Strong analytical mindset with the ability to balance risk mitigation with business enablement objectives.