Skip to sign up

Job matched to your search

Head of Security

Salla · Makkah

Makkah · On-siteFull-TimePosted Jun 29, 2026

Free · Join 5,000+ job seekers using Qarera

How well do you match this role?

Tap the skills you already have — then see your real match score, what’s missing, and your resume fixed for this job.

↑ tap the skills you have
Loading sign-in…
Free · no credit card · 30 seconds

Job description

Role Purpose As Head of Security at Salla, you are the most senior security authority at Salla. You set the strategy, build the team, and own the controls that keep our platform, our people, and our merchants safe. You translate risk into business language for the executive team and the Board, and you make security a competitive advantage rather than a constraint. You will lead end to end across every security domain and represent Salla's security posture to auditors, regulators, partners, and customers.

Please not that we are looking for Saudi Nationals only for this role. Key Responsibilities Security Strategy & Leadership

  • Own and evolve the enterprise security strategy, roadmap, and operating model across cloud, network, endpoint, physical, and GRC, aligned to Salla's growth and public-listing readiness
  • Act as the organization's principal security advisor; brief the executive team and the Board on cyber risk posture, investment priorities, and regulatory exposure
  • Define and steward the security budget, headcount plan, and tooling portfolio; drive measurable return on security investment
  • Establish security KPIs, OKRs, and a metrics-driven reporting cadence for leadership and audit committees

Cloud Security

  • Lead cloud security across the platform, including landing-zone hardening, network segmentation, secrets management, and workload protection (AWS strongly preferred)
  • Govern Infrastructure-as-Code security, container and Kubernetes security (image scanning, admission control, runtime protection), and CI/CD pipeline integrity
  • Drive Cloud Security Posture Management, workload protection, and continuous compliance against recognized cloud control frameworks and CIS benchmarks
  • Partner with SRE and Platform Engineering to embed secure-by-default guardrails that protect velocity rather than slow it

Network Security

  • Own network security architecture, including edge protection, DDoS mitigation, web application firewall, segmentation, and zero-trust network access
  • Govern the CDN and edge security stack, bot management, rate limiting, and origin lockdown for high-traffic, merchant-facing services
  • Oversee secure connectivity, private connectivity, VPN, and DNS security

Endpoint Security

  • Lead endpoint protection across corporate and engineering fleets, including EDR/XDR, device hardening, mobile device management, and disk encryption
  • Run a continuous vulnerability and patch management program with clear remediation SLAs
  • Define and enforce endpoint baselines and data loss prevention controls

Physical & Facility Security

  • Own physical security for Salla's offices and facilities in Makkah and other sites, including access control, CCTV, visitor management, and environmental controls
  • Align physical and logical access policies; govern physical access to sensitive areas and equipment
  • Coordinate with Facilities, HR, and local authorities on safety, badging, and on-site incident response

Identity & Access Management (Zero Trust)

  • Lead IAM strategy across cloud and corporate systems, including single sign-on, multi-factor authentication, privileged access management, and least-privilege enforcement
  • Automate joiner, mover, and leaver workflows and run periodic access recertification
  • Advance the organization toward a mature zero-trust architecture

Security Operations & Incident Response

  • Build and run the security operations capability, including SIEM, detection engineering, threat intelligence, and continuous monitoring
  • Own the incident response lifecycle from preparation through detection, containment, eradication, recovery, and blameless post-incident review
  • Lead tabletop exercises, red and purple teaming, and breach-readiness drills; maintain crisis-communication and breach-notification playbooks

Governance, Risk & Compliance (GRC)

  • Own the GRC function and the enterprise risk register; run the risk asses

Don’t just read the job — see if you’ll get it.

Get your match score, a resume tailored to this exact role, and jobs like it — free.

Check my fit for this job
Loading sign-in…
Apply →