Information Security & Compliance Specialist

No longer accepting applications

Posted on: Apr 2, 2026

We’re looking for an experienced Information Security Specialist to join our team. This role is essential to maintaining and enhancing the security of our organization’s data, systems, and infrastructure while ensuring compliance with Saudi Arabian and MENA regional regulatory requirements.

The ideal candidate will have hands-on experience with SAMA Cybersecurity Framework, NCA regulations, and PDPL compliance, along with strong cybersecurity fundamentals and a proactive approach to identifying and mitigating security risks.

Who we are:

At ZenHR, our passion is delighting customers! We are an award-winning, cloud-based HRMS that supports the entire HR value chain, from the “acquire” to the “retire” stage. Our team is made up of young, passionate people committed to providing cutting-edge technology and constantly researching and implementing new HR trends that cater to employers in the MENA region.

Obstacles don’t faze us; we see them as opportunities. We challenge the status quo and work to improve the HR landscape in our region. If you’re excited to make an impact in the HR world, ZenHR is the place for you!

Our people are the heart of our culture. We’re committed to diversity and inclusion, and we take pride in ensuring equal employment opportunities for all. Our hiring process is designed to attract and retain A-players from diverse backgrounds to help drive our success.

What we offer:

  • Flexible working hours and remote/work-from-home option
  • Health insurance coverage from day one at ZenHR
  • Access to online and in-person Mental Health sessions
  • A Zen work atmosphere
  • Great culture and amazing people to work with and learn from

The Job – Information Security Specialist

What you'll be doing:

  • Conduct regular risk assessments to identify vulnerabilities and potential threats
  • Develop and implement strategies to mitigate identified risks
  • Draft, implement, and maintain security policies, procedures, and guidelines
  • Ensure compliance with Saudi Arabian regulatory requirements including SAMA Cybersecurity Framework, NCA Essential Cybersecurity Controls (ECC), and PDPL (Personal Data Protection Law)
  • Ensure compliance with international standards (SOC 2, ISO 27001)
  • Ensure proper information systems and information processing facilities protection, including defining a list of authorized software and versions needed
  • Ensure proper data and information protection by reviewing classification schemes, defining standards for labeling information assets, and establishing rules for sharing sensitive information
  • Ensure proper vulnerability management activities, including performing regular authenticated vulnerability scans on systems, reviewing vulnerability rankings, and taking corrective actions as necessary
  • Conduct cyber security incident and threat management activities, activating incident response procedures when an incident or threat is detected
  • Develop, maintain, and test business continuity and disaster recovery plans
  • Ensure proper physical security for sensitive information, including secure disposal of sensitive information on media and systems
  • Conduct cybersecurity activities as required by relevant regulatory requirements, including web application security, third-party cybersecurity, and cloud computing security
  • Educate staff on security policies and best practices; promote a culture of security awareness
  • Work closely with other teams to ensure secure system design and implementation
  • Provide guidance and support for security-related queries, including customer security assessments
  • Conduct internal security audits and participate in external audits
  • Prepare reports on security posture and incidents for management review
  • Stay updated on the latest security trends, threats, and regional regulatory changes

Who you are:

  • Bachelor’s degree in Information Security, Computer Science, or a related field
  • 3+ years of experience in information security with a focus on GCC/MENA regulatory compliance
  • Demonstrated experience implementing SAMA Cybersecurity Framework requirements
  • Working knowledge of NCA Essential Cybersecurity Controls (ECC, CCC) and related regulations
  • Familiarity with PDPL (Saudi and Jordan Personal Data Protection Laws) compliance requirements
  • Strong knowledge of security frameworks (ISO 27001, NIST, SOC 2)
  • Experience with cloud security (AWS, Azure, or GCP)
  • Ability to work independently and handle multiple priorities effectively

Preferred:

  • Relevant certifications such as ISO (27001, 22301) Lead Implementer/Auditor, CISM, or CEH
  • Previous experience in SaaS/cloud-based product companies
  • Experience supporting customer security assessments and audits



