Salman Al Zahrani

Riyadh, Saudi Arabia

Summary

Seasoned cybersecurity leader with proven experience in developing and executing enterprise cybersecurity strategy, strengthening governance, risk, and compliance (GRC), and ensuring regulatory alignment with frameworks such as SAMA CSF and NCA ECC. Experienced in enterprise risk management, security architecture, incident response, and threat intelligence operations. Strong background in vulnerability management, third-party risk oversight, and identity governance. Skilled in policy development, stakeholder engagement, and managing complex security programs. Focused on improving organizational security posture through practical decision-making, structured governance, and effective team leadership.

Overview

17 years of professional experience
2009 years of post-secondary education

Work history

Deputy - Chief Cybersecurity Officer

Arab National Bank
Riyadh, Saudi Arabia
11.2024 - Current
  • Lead the bank’s enterprise Cybersecurity Strategy, defining direction across Governance, Risk Management, Compliance, Architecture, Engineering, Threat Intelligence, and the Cyber Fusion Center.
  • Drive a comprehensive cybersecurity transformation, uplifting governance structures, risk processes, operational maturity, technology posture, and regulatory alignment with national and international frameworks.
  • Oversee all cybersecurity operations, including monitoring, incident response, vulnerability management, threat intelligence, and configuration assurance, ensuring resilience, readiness, and risk-based prioritization.
  • Strengthen enterprise security architecture and secure-by-design governance across digital platforms, infrastructure modernization, and large-scale technology initiatives.
  • Govern identity and access management, enterprise cyber risk, third-party risk, and cybersecurity requirements across all bank projects, change-management cycles, and business initiatives.
  • Lead cybersecurity governance forums, risk reviews, and policy oversight, ensuring consistent accountability, risk ownership, and organization-wide compliance.
  • Manage strategic cybersecurity programs, budgets, and vendor portfolios, ensuring alignment with business priorities, measurable security outcomes, and risk-reduction targets.
  • Provide executive-level reporting on cyber risk posture, governance effectiveness, compliance status, operational performance, and strategic program progress.

SVP Head of Cybersecurity Risk Management

Riyad Bank
01.2023 - 10.2024
  • As the Head of Cybersecurity Risk Management at Riyad Bank, I oversaw business and technology risks, third-party risk management, penetration testing and attack simulation. My role involved establishing a comprehensive cybersecurity program, enhancing existing practices, ensuring collaboration across departments, managing risks, overseeing third-party risk processes, conducting testing and simulations, developing incident response plans, providing cybersecurity expertise, and demonstrating leadership to enhance the bank’s resilience against cyber threats.

Director Of Cybersecurity

Baidya Finance
01.2022 - 01.2023
  • As a CISO, I established a comprehensive cybersecurity program and enhanced existing practices to ensure the organization’s resilience against cyber threats. This involved developing and implementing a robust cybersecurity strategy aligned with business objectives and regulatory requirements. Key responsibilities included assessing and mitigating risks through regular assessments, implementing controls, and monitoring the threat landscape. I established and maintained security policies, standards, and procedures to protect critical assets. I oversaw the implementation and management of security technologies, developed and executed incident response and disaster recovery plans, and fostered a culture of security awareness through training and communication programs. I collaborated with cross-functional teams to ensure alignment of cybersecurity initiatives, reported to executive management and the board on the organization’s cybersecurity posture, and represented the organization in industry forums while staying abreast of emerging threats and best practices. Also, I was appointed by the Saudi Central Bank to be the vice chairman of the financial sector cybersecurity committee.

Manager Of Information Security Governance

AL Bilad Bank
01.2018 - 01.2022
  • As a GRC Manager, I focused on ensuring regulatory compliance at national and international levels. I led initiatives to establish robust governance structures, promote a security culture, and enhance cybersecurity risk management. This included developing risk frameworks, conducting assessments, and implementing controls. I also managed change reviews, collaborated with project teams to address security risks, and maintained alignment with cybersecurity objectives and regulations. Additionally, I engaged with external regulators, oversaw audits, and demonstrated commitment to compliance. I spearheaded security awareness programs, educating staff on best practices and fostering a security-conscious environment. Through strong leadership and collaboration, I drove security initiatives to bolster the bank’s resilience against cyber threats. Also, I was appointed to be the secretary of the Cybersecurity Committee within the bank.

INFO. SEC. GRC SENIOR SPECIALIST

AL Bilad Bank
01.2017 - 01.2018
  • Participated in the Cyber Security Framework gap assessment, documentation, and implementation initiatives, playing a key role in identifying areas for improvement and driving strategic initiatives to enhance security posture. As part of my responsibilities, I managed Information Security Risk assessments, ensuring risks were properly identified, evaluated, and mitigated or accepted in alignment with organizational risk appetite. Additionally, I assessed business and IT changes from a security perspective, providing subject matter expertise to identify and address potential risks. I also handled Internal Audit exercises by preparing management actions, monitoring the status of existing findings, and ensuring timely remediation of issues identified. Furthermore, I led the Saudi Central Bank Cybersecurity Framework Compliance Project, ensuring the organization met regulatory requirements and demonstrating strong security governance practices.

ACCESS AUDITING & MONITORING SPECIALIST

AL Inma Bank
01.2017 - 01.2017
  • Leading comprehensive Access Management reviews, auditing Access Management Operations Functions, and diligently upholding all associated policies and procedures to ensure robust security controls and regulatory compliance. Additionally, actively refining access control mechanisms, optimizing operational processes, and continuously enhancing governance frameworks to safeguard critical assets and data integrity.
  • 2 Months

INFO. SEC. GRC SPECIALIST

AL Rajhi Bank
01.2015 - 01.2017
  • I led the change management process within Information Security, where my role involved meticulously reviewing changes against specific risk assessment checklists and regulatory requirements. Additionally, I actively represented Information Security in key forums such as the Architecture Committee, Release Meetings, and the CAP Committee, ensuring alignment and compliance across various decision-making bodies. I headed the implementation of Governance, Risk, and Compliance (GRC) solutions to elevate functional maturity by leveraging automated processes within the GRC framework, thereby enhancing efficiency and effectiveness in compliance management.

INFO. SEC. CONTROLS SPECIALIST

AL Rajhi Bank
01.2012 - 01.2015
  • I examined and assessed Internal Audit Draft Reports, partnered with finding owners to formulate action plans for acknowledged findings, and offered an explanation for any findings that were disputed. In addition, I was accountable for the administration of critical cybersecurity technological controls, ensuring their optimal performance and comprehensive coverage across the bank’s environment. Additionally, I was responsible for planning and implementing a Data Loss Prevention solution across the organization by defining the control policies, mapping them to the data classification policy, and reflecting these policies in the system. Also, I led the change management process within Information Security, where my role involved meticulously reviewing changes against specific risk assessment checklists and regulatory requirements. Additionally, I actively represented Information Security in key forums such as the Architecture Committee, Release Meetings, Pre-CAP Meetings, and the CAP Committee, ensuring alignment and compliance across various decision-making bodies.

INFO. SEC. ACCESS MANAGEMENT SPECIALIST

AL Rajhi Bank
01.2009 - 01.2012
  • Overseeing user access across the organization and performing regular evaluations on various systems. I have been involved in the planning and execution of Identity and Access Management (IDAM) projects.

Education

Diploma - Programming

Institute of Public Administration

Skills

  • Cybersecurity Strategy & Leadership
  • Governance, Risk & Compliance (GRC)
  • Regulatory Alignment (SAMA CSF, NCA ECC, International Standards)
  • Enterprise Risk Management
  • Security Architecture & Secure-by-Design
  • Incident Response & Crisis Management
  • Threat Intelligence & Threat Management
  • Vulnerability & Exposure Management
  • Third-Party Risk Management
  • Identity & Access Governance
  • Cybersecurity Operations Management
  • Policy Development & Security Governance
  • Stakeholder & Executive Communication
  • Program & Portfolio Management
  • Decision-Making & Strategic Prioritization
  • Team Leadership & Capability Development

Languages

English
Fluent
Arabic
Native
