
Salla
Requirements
Requires over 12 years of experience in cybersecurity with at least 5 years in senior leadership within SaaS, fintech, or e-commerce. Candidates must be Saudi Nationals with a bachelor’s degree and deep expertise in AWS, GRC frameworks, and Saudi regulatory requirements.
Job Summary
Role Purpose
As Head of Security at Salla, you are the most senior security authority at Salla. You set the strategy, build the team, and own the controls that keep our platform, our people, and our merchants safe. You translate risk into business language for the executive team and the Board, and you make security a competitive advantage rather than a constraint. You will lead end to end across every security domain and represent Salla’s security posture to auditors, regulators, partners, and customers.
Please not that we are looking for Saudi Nationals only for this role.
Key Responsibilities
Security Strategy & Leadership
Own and evolve the enterprise security strategy, roadmap, and operating model across cloud, network, endpoint, physical, and GRC, aligned to Salla’s growth and public-listing readiness.
Act as the organization’s principal security advisor; brief the executive team and the Board on cyber risk posture, investment priorities, and regulatory exposure.
Define and steward the security budget, headcount plan, and tooling portfolio; drive measurable return on security investment.
Establish security KPIs, OKRs, and a metrics-driven reporting cadence for leadership and audit committees.
Cloud Security
Lead cloud security across the platform, including landing-zone hardening, network segmentation, secrets management, and workload protection (AWS strongly preferred).
Govern Infrastructure-as-Code security, container and Kubernetes security (image scanning, admission control, runtime protection), and CI/CD pipeline integrity.
Drive Cloud Security Posture Management, workload protection, and continuous compliance against recognized cloud control frameworks and CIS benchmarks.
Partner with SRE and Platform Engineering to embed secure-by-default guardrails that protect velocity rather than slow it.
Network Security
Own network security architecture, including edge protection, DDoS mitigation, web application firewall, segmentation, and zero-trust network access.
Govern the CDN and edge security stack, bot management, rate limiting, and origin lockdown for high-traffic, merchant-facing services.
Oversee secure connectivity, private connectivity, VPN, and DNS security.
Endpoint Security
Lead endpoint protection across corporate and engineering fleets, including EDR/XDR, device hardening, mobile device management, and disk encryption.
Run a continuous vulnerability and patch management program with clear remediation SLAs.
Define and enforce endpoint baselines and data loss prevention controls.
Physical & Facility Security
Own physical security for Salla’s offices and facilities in Makkah and other sites, including access control, CCTV, visitor management, and environmental controls.
Align physical and logical access policies; govern physical access to sensitive areas and equipment.
Coordinate with Facilities, HR, and local authorities on safety, badging, and on-site incident response.
Identity & Access Management (Zero Trust)
Lead IAM strategy across cloud and corporate systems, including single sign-on, multi-factor authentication, privileged access management, and least-privilege enforcement.
Automate joiner, mover, and leaver workflows and run periodic access recertification.
Advance the organization toward a mature zero-trust architecture.
Security Operations & Incident Response
Build and run the security operations capability, including SIEM, detection engineering, threat intelligence, and continuous monitoring.
Own the incident response lifecycle from preparation through detection, containment, eradication, recovery, and blameless post-incident review.
Lead tabletop exercises, red and purple teaming, and breach-readiness drills; maintain crisis-communication and breach-notification playbooks.
Governance, Risk & Compliance (GRC)
Own the GRC function and the enterprise risk register; run the risk assessment and treatment lifecycle.
Lead certification and audit programs spanning ISO/IEC 27001, SOC 2, and PCI DSS, with alignment to the NCA Essential Cybersecurity Controls and Cloud Cybersecurity Controls, and to the SAMA Cyber Security Framework where applicable.
Own data protection and privacy compliance under the Saudi Personal Data Protection Law and SDAIA requirements, including data inventories, processing agreements, and cross-border transfer controls.
Prepare Salla’s security and IT-governance posture for Tadawul listing, including controls maturity, evidence collection, and auditor readiness.
Author, ratify, and maintain the full lifecycle of security policies, standards, and procedures.
Third-Party & Vendor Risk
Establish and run the third-party risk program, including security due diligence, contractual security terms, and continuous monitoring of critical suppliers.
Embed security requirements into procurement and vendor onboarding.
Security Awareness & Culture
Build a company-wide security awareness, training, and phishing-simulation program.
Champion a positive, blameless security culture in which security is a shared responsibility.
Team Leadership & Organization Building
Lead, mentor, and grow a multidisciplinary security organization spanning cloud security, SecOps, GRC, and physical security.
Set objectives, develop talent, and build the hiring plan to scale the function with the business.
Forge cross-functional partnerships with Engineering, SRE, IT, Legal, HR, and Finance.
12+ years in information and cyber security, including 5+ years in senior security leadership (Head of Security, Director, or CISO-track) at a SaaS, fintech, or e-commerce organization.
Demonstrated ownership of security across multiple domains: cloud, network, endpoint, physical, and GRC.
Deep hands-on and architectural knowledge of cloud security (AWS strongly preferred), including Kubernetes and modern CI/CD.
Proven track record building and operating security operations and incident response at scale.
Strong GRC experience across ISO 27001, PCI DSS, GDPR and Saudi regulatory frameworks (NCA ECC and CCC, PDPL and SDAIA; SAMA CSF a plus).
Experience leading audits and certifications, ideally including IPO or regulatory-readiness programs.
Excellent executive communication; able to translate technical risk into business and regulatory language for the Board.
Bachelor’s degree in Computer Science, Engineering, Information Security, or a related field.
Willingness and eligibility to work on-site in Makkah, Saudi Arabia.
Responsibilities
The Head of Security is responsible for setting the overall security strategy and leading all security domains, including cloud, network, and physical security. They act as the principal security advisor to the executive team and Board, ensuring regulatory compliance and platform safety.
We are a job aggregator. All rights belong to the original company or recruiter. We do not claim ownership of any listings.
To apply for this job please visit jobs.workable.com.
Disclaimer: gulfjobworld.in is a job information platform that aggregates and shares job openings sourced from various public websites, official career pages, social media channels, and third-party job portals. We are not directly affiliated with the companies mentioned, nor do we guarantee job placement. All trademarks and logos belong to their respective owners.
While we strive to keep the information accurate and up to date, we recommend that candidates verify the details and apply through official sources whenever possible. Always exercise caution and avoid any recruitment-related payments or suspicious requests.
gulfjobworld.in is a dedicated platform for job seekers looking for reliable opportunities in the Gulf region. We regularly post verified openings, including walk-in interviews and direct company listings from countries like the UAE, Saudi Arabia, Qatar, and other GCC nations. Whether you’re exploring new jobs in Dubai, Abu Dhabi, Riyadh, or Doha, our updates are designed to help you stay informed and apply with confidence.
Explore the Job Opportunities with confidence.
Follow us for daily updates:
LinkedIn – Gulf Job World
