Top 10: CISOs in MEA

The Middle East and Africa (MEA) region is experiencing an unprecedented wave of digital transformation, rapidly adopting mobile-first economies, cloud-native infrastructures and artificial intelligence.

This aggressive technological leap is not without its drawbacks. For instance, this has exponentially expanded the region's attack surface, attracting highly-sophisticated, AI-enabled cybercriminals and state-sponsored threat actors.

The Middle East has historically recorded some of the highest data breach costs globally, averaging around $6.53m per incident in IBM’s Cost of a Data Breach studies.

As cybercrime becomes increasingly professionalised and borderless, the need for uncompromising, robust enterprise security has never been more critical. 

Protecting national critical infrastructure and vast corporate assets now requires visionary leadership capable of bridging the gap between proactive risk management and continuous business innovation.

Showcasing the elite executives at the forefront of this digital defence, Cyber Magazine highlights the Top 10 CISOs based in the MEA region.

10. Dr Harrison Nnaji

Company: FirstBank Nigeria 
Headquarters: Lagos, Nigeria
Revenue: US$2.34bn (Parent company First HoldCo Plc)

Dr Harrison is Group Chief Information Security Officer at First Bank of Nigeria, where he leads cybersecurity strategy across one of West Africa’s largest banking institutions.

With more than 17 years of experience and an engineering background, he applies a structured approach to managing complex cyber risks across multi-country operations.

He focuses on strengthening cybersecurity awareness and developing talent as a critical defence layer.

His leadership supports secure digital transformation, positioning cybersecurity as a key enabler of resilient and scalable financial services across Africa.

9. Feroz Khan

Company: TotalEnergies Qatar
Headquarters: Doha, Qatar
Revenue: US$183.96bn (Global, source: stock analysis)

Feroz Khan is Head of IT Security, Compliance and Projects at TotalEnergies Qatar, where he leads cybersecurity and governance across critical energy operations.

He was recognised as a winner of the IDC CISO Excellence Awards 2025 in Qatar, highlighting his contribution to advancing security practices and organisational resilience.

Khan focuses on aligning global security frameworks with local regulatory requirements while supporting secure digital transformation.

His leadership emphasises risk management, compliance and building a strong cyber-aware culture within the energy sector.

8. Sarfaraz Muneer

Company: Mubadala Investment Company
Headquarters: Abu Dhabi, UAE
Revenue: Not publicly disclosed

Sarfaraz Muneer is Vice President Cyber Security Assurance at Mubadala Investment Company, the sovereign wealth fund of Abu Dhabi.

He leads cybersecurity strategy across a large-scale investment organisation, focusing on strengthening cyber resilience, governance and secure digital transformation.

He was recognised as a winner of the IDC CISO Excellence Awards 2025 (UAE edition), highlighting his contribution to advancing enterprise security practices within the region.

His work supports the protection of critical digital infrastructure and ensures robust security frameworks across complex global investment operations.

7. Justin Williams

Company: MTN Group
Headquarters: Fairland, South Africa
Revenue: ~US$12-14bn

Justin Williams is Group Chief Information Security Officer at MTN Group, Africa’s largest telecommunications operator.

He leads the Group Security function, overseeing cybersecurity strategy across a multinational organisation serving over 300 million customers across Africa and the Middle East.

With nearly two decades of senior consulting experience at EY and prior security leadership roles at Transnet, he brings deep expertise in enterprise cybersecurity transformation.

His focus includes strengthening cyber resilience, governance and risk management across large-scale telecom infrastructure operating in complex and highly regulated environments.

6. Mohammed J Abbas

Company: First Abu Dhabi Bank (FAB)
Headquarters: Abu Dhabi, UAE
Revenue: US$9.98bn

Mohammed J Abbas serves as the Acting CISO at First Abu Dhabi Bank, securing the digital infrastructure of the largest bank in the United Arab Emirates.

He focuses on proactive risk mitigation and stringent data privacy compliance to align with evolving regional laws and international frameworks.

Mohammed recently earned recognition as a premier CISO winner at the Global Security Symposium UAE.

His leadership ensures secure cross-border payments and maintains robust operational resilience. 

5. Ishaaq Jacobs

Company: Sasol
Headquarters: Sandton, South Africa
Revenue: Not publicly disclosed

Ishaaq Jacobs is the Chief Cyber Security Officer for a major integrated energy and chemical company in the form of Sasol. 

He advocates for the use of AI to gain a tactical advantage against modern threat actors.

With more than two decades of experience, Ishaaq embeds security directly into the corporate risk management framework by maintaining full visibility over the infrastructure footprint.

He focuses on continuous improvement, regular phishing simulations and clear governance controls to ensure rapid response and recovery during potential incidents.

4. Celia Mantshiyane

Company: FirstRand
Headquarters: Johannesburg, South Africa
Revenue: US$8.38bn (Source: Companies Market Cap)

Celia Mantshiyane serves as the Group Chief Information Security Officer for FirstRand where she protects a sprawling digital banking ecosystem.

She recently won CISO of the Year at the 2026 Wired4Women Awards for her leadership in cyber resilience and information security.

Her primary mandate involves securing sensitive financial data and ensuring the continuous availability of critical banking services against ransomware and sophisticated fraud.

Beyond her immediate technical responsibilities, Celia actively champions inclusion and inspires female cybersecurity professionals across Africa.

3. Favour Femi-Oyewole

Company: Access Bank
Headquarters: Lagos, Nigeria
Revenue: US$3.2bn (2024)

Favour Femi-Oyewole is Group Chief Information Security Officer at Access Bank, one of Africa’s largest financial institutions.

She boasts more than two decades of experience in cybersecurity, IT governance and risk management across the financial services sector.

Favour has received multiple international recognitions, including the EC-Council Global Certified CISO (C|CISO) of the Year and a Forbes Best of Africa Cybersecurity Award of Excellence.

Her work focuses on strengthening cyber resilience, fraud prevention and information security governance within large-scale digital banking environments, while supporting secure financial innovation across Africa’s rapidly evolving fintech ecosystem.

2. Abeer Khedr 

Company: National Bank of Egypt (NBE)
Headquarters: Cairo, Egypt
Revenue: US$3.8bn (H1 2025, source: Daily News Egypt)

Abeer Khedr is Group Head of Cybersecurity at the National Bank of Egypt, the country’s largest financial institution.

She also serves as Chair of the Cyber Security Committee at the Federation of Egyptian Banks.

Having spent more than two decades in cybersecurity, IT governance and risk management, she has led the development of enterprise-wide security strategy and information security management systems within the banking sector.

Abeer's work focuses on strengthening cyber resilience, regulatory compliance and fraud prevention across large-scale financial infrastructure. She has received regional recognition, including inclusion in IFSEC Global Security Influencers and multiple industry awards.

1. Abdulaziz Al-Shafi

Company: Saudi Aramco
Headquarters: Dhahran, Saudi Arabia
Revenue: US$489.1bn

Abdulaziz Al-Shafi is Vice President of Cybersecurity and Chief Information Security Officer at Saudi Aramco, one of the world’s largest energy companies headquartered in Dhahran, Saudi Arabia. 

He leads cybersecurity governance, risk management and cyber defence operations across complex industrial and enterprise environments. 

Abdulaziz's responsibilities include securing operational technology systems, strengthening cyber resilience and overseeing security standards across the organisation’s global operations.

He plays a key role in protecting critical energy infrastructure from evolving cyber threats within a highly-complex and strategically important global energy sector.