Cybersecurity Incident Lead

Who Are We

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting-edge financial and technological tools.

HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.

Founded in 2017, HALA is currently duly licensed by the Saudi Arabian Central Bank as well as the Financials Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.

Job Summary: 

The Cybersecurity Incident Lead's primary function is to take command of an active security crisis, directing the Incident Response (IR) team and coordinating internal and external stakeholders—including legal, communication, and executive teams—to execute a comprehensive strategy for immediate containment, threat eradication, system recovery, and evidence preservation; they are responsible for critical decision-making under pressure, serving as the main liaison for executive reporting and regulatory compliance, and subsequently leading the post-incident analysis to identify root causes and implement lessons learned to strengthen future defenses.

Tasks & Responsibilities:

• Own incident response (IR) lifecycle: detect, triage, contain, eradicate, recover, and post-incident review per SAMA CSF and NCA ECC-2.

• Lead major incident war-rooms, coordinate SOC, IT, Product, Legal, and Comms, and ensure timely regulator-ready reporting.

• Maintain IR playbooks for fintech/payments threats (account takeover, fraud, ransomware, API abuse, data leakage).

• Run tabletop and simulation drills; measure MTTR, response quality, and control improvements.

• Drive root-cause analysis and track corrective/preventive actions to closure.

Qualifications: 

• Bachelor’s in Cybersecurity/CS or related field.

• 7–10+ years in SOC/IR with 2+ years leading incidents in regulated environments.

• Strong knowledge of forensics basics, malware triage, cloud/SaaS IR, and crisis communications.

• Working knowledge of SAMA CSF and NCA ECC-2 incident controls. 

• Certs preferred: GCIH, GCFA, CISSP, or equivalent.

• We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in-office, and hybrid work setups.
• We offer highly competitive compensation packages, including the potential for shares.
• We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper-growth environment.
• Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
• We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
• You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.