Job matched to your search
Head of Security
Salla · Makkah
Free · Join 5,000+ job seekers using Qarera
How well do you match this role?
Tap the skills you already have — then see your real match score, what’s missing, and your resume fixed for this job.
Job description
Role Purpose As Head of Security at Salla, you are the most senior security authority at Salla. You set the strategy, build the team, and own the controls that keep our platform, our people, and our merchants safe. You translate risk into business language for the executive team and the Board, and you make security a competitive advantage rather than a constraint. You will lead end to end across every security domain and represent Salla's security posture to auditors, regulators, partners, and customers.
Please not that we are looking for Saudi Nationals only for this role. Key Responsibilities Security Strategy & Leadership
- Own and evolve the enterprise security strategy, roadmap, and operating model across cloud, network, endpoint, physical, and GRC, aligned to Salla's growth and public-listing readiness
- Act as the organization's principal security advisor; brief the executive team and the Board on cyber risk posture, investment priorities, and regulatory exposure
- Define and steward the security budget, headcount plan, and tooling portfolio; drive measurable return on security investment
- Establish security KPIs, OKRs, and a metrics-driven reporting cadence for leadership and audit committees
Cloud Security
- Lead cloud security across the platform, including landing-zone hardening, network segmentation, secrets management, and workload protection (AWS strongly preferred)
- Govern Infrastructure-as-Code security, container and Kubernetes security (image scanning, admission control, runtime protection), and CI/CD pipeline integrity
- Drive Cloud Security Posture Management, workload protection, and continuous compliance against recognized cloud control frameworks and CIS benchmarks
- Partner with SRE and Platform Engineering to embed secure-by-default guardrails that protect velocity rather than slow it
Network Security
- Own network security architecture, including edge protection, DDoS mitigation, web application firewall, segmentation, and zero-trust network access
- Govern the CDN and edge security stack, bot management, rate limiting, and origin lockdown for high-traffic, merchant-facing services
- Oversee secure connectivity, private connectivity, VPN, and DNS security
Endpoint Security
- Lead endpoint protection across corporate and engineering fleets, including EDR/XDR, device hardening, mobile device management, and disk encryption
- Run a continuous vulnerability and patch management program with clear remediation SLAs
- Define and enforce endpoint baselines and data loss prevention controls
Physical & Facility Security
- Own physical security for Salla's offices and facilities in Makkah and other sites, including access control, CCTV, visitor management, and environmental controls
- Align physical and logical access policies; govern physical access to sensitive areas and equipment
- Coordinate with Facilities, HR, and local authorities on safety, badging, and on-site incident response
Identity & Access Management (Zero Trust)
- Lead IAM strategy across cloud and corporate systems, including single sign-on, multi-factor authentication, privileged access management, and least-privilege enforcement
- Automate joiner, mover, and leaver workflows and run periodic access recertification
- Advance the organization toward a mature zero-trust architecture
Security Operations & Incident Response
- Build and run the security operations capability, including SIEM, detection engineering, threat intelligence, and continuous monitoring
- Own the incident response lifecycle from preparation through detection, containment, eradication, recovery, and blameless post-incident review
- Lead tabletop exercises, red and purple teaming, and breach-readiness drills; maintain crisis-communication and breach-notification playbooks
Governance, Risk & Compliance (GRC)
- Own the GRC function and the enterprise risk register; run the risk asses
More jobs in Makkah
Browse related jobs
Don’t just read the job — see if you’ll get it.
Get your match score, a resume tailored to this exact role, and jobs like it — free.
Check my fit for this job