Cyber Security Leadership & Governance
Board and executive accountability, CISO role, strategy, and reporting.
- Governance
- Strategy
- Committee reporting
Mandatory for banks, insurers, and financial institutions supervised by SAMA in the Kingdom. Sentinel Unity connects SAMA domains to assessments, cyber risk, and third-party risk programs, with group rollup for GCC headquarters.
Issued by: Saudi Central Bank (SAMA) · Sector: regulated financial institutions in KSA
Five
CSF domains
Vendor
Risk emphasis
Annual
Assessment cycle
Financial
Sector scope
Structure
Board and executive accountability, CISO role, strategy, and reporting.
Risk appetite, assessment, and treatment for financial threats.
Identity, network, endpoints, logging, and security monitoring.
Vendor tiering, due diligence, contracts, and monitoring.
Incident response, disaster recovery, and recovery for financial operations.
Platform mapping
Domain-based assessments with maturity and evidence per control.
Vendor classification, diligence campaigns, and contract clause tracking aligned to SAMA third-party domain.
Residual risk and treatment linked to CSF control gaps.
Tier vendors by data access, criticality, and regulatory exposure.
Questionnaires and evidence before onboarding vendors.
Audit rights, notification timelines, and security standards in contracts.
Book a demo with our GRC specialists to see how Sentinel Unity supports programs across the Gulf.
No commitment required. Typical demo is 45 minutes.