IT

Cybersecurity Risk & Architecture Lead (Remote)

Remote
Work Type: Full Time
Apply Now

About SiFi: SiFi is a rapidly growing B2B Fin-Tech company transforming expense management for businesses in Saudi Arabia. As a licensed EMI from the Saudi Central Bank, we empower companies with innovative tools to simplify finance management.

Role Overview We are seeking a highly experienced Cybersecurity Risk & Architecture Lead to join our fintech. Reporting directly to the CISO, this role will be responsible for owning and driving cybersecurity risk management, enterprise security architecture, and regulatory alignment.
The individual will work closely with business, product, and technology teams to ensure that cybersecurity risk controls and architecture principles are consistently applied. The role will also be accountable for developing cybersecurity KPIs and KRIs to measure effectiveness and maturity, in line with SAMA CSF and other regulatory requirements (NCA ECC/DCC, PDPL, NDMO, PCI DSS, ISO 27001).

Key Responsibilities:
Risk Management
  • Lead the cyber risk assessment process, ensuring identification, evaluation, and treatment risks in line with SAMA CSF Maturity Level 3.
  • Own and maintain the cybersecurity risk register with clear risk ownership and treatment tracking.
  • Conduct a multi-tier risk assessment that includes people, process, and technology.
  • Conduct risk assessments for new products, SaaS platforms, infrastructure, and third-party engagements.
  • Perform vendor/outsourcing risk assessments in compliance with SAMA and NCA regulations.
  • Integrate risk-based decision-making into product, business, and technology initiatives.
Cybersecurity Architecture
  • Define and maintain the enterprise security architecture blueprint, covering cloud infrastructure, microservices, APIs, SaaS platforms, and endpoints.
  • Review and validate technical designs and deployments to ensure compliance with security requirements and regulatory standards.
  • Establish reference architectures and technical standards (IAM, encryption, secure APIs, network segmentation, cloud workloads).
  • Promote security by design practices across product and technology teams.
  • Ensure architectural compliance with SAMA CSF, PCI DSS, PDPL, NDMO, and NCA ECC/DCC Metrics, KPIs & KRIs.
  • Develop and track cybersecurity KPIs and KRIs to measure the effectiveness of risk management and architecture controls.
  • Provide metrics-driven insights to support CISO decision-making and continuous improvement of controls.
  • Support maturity assessments and reporting to demonstrate progress toward SAMA CSF Level 3+.

Key Requirements:

  • Minimum 8-10 years of experience in cybersecurity with proven expertise in risk management and security architecture.
  • Experience in financial services or fintech, preferably in a SAMA regulated environment.
  • Strong knowledge of SAMA CSF domains: Risk Management, Cybersecurity Architecture, Third Party Management, Compliance.
  • Expertise in cloud security, SaaS environments, APIs, and modern fintech architectures.
  • Familiarity with regulatory and industry standards: SAMA CSF, NCA ECC/DCC, PDPL, NDMO, PCI DSS, ISO 27001, NIST.
  • Preferred certifications: CISSP, CISM, CRISC, ISO 27001 LI/LA.
Key Skills:
  • Strong ability to design, review, and enforce secure architectures.
  • Deep knowledge of risk assessment methodologies and metrics-driven reporting.
  • Ability to translate regulatory requirements into operational KPIs and KRIs.
  • Strong collaboration with business, product, and technology teams.
  • Analytical mindset with focus on continuous improvement and measurable outcomes.
Experience Level:
Managerial
 
Sub Department:
Cybersecurity
 

Submit Your Application

You have successfully applied
  • You have errors in applying
Linked-in Profile

URL is required