About the Company

• Al Yusr is a non‑bank finance company in Riyadh (KSA) serving individuals and SMEs. (LinkedIn)
• Operates under Saudi Central Bank (SAMA) supervision; financing companies are in scope of the SAMA Cybersecurity Framework. (LinkedIn, SAMA Rulebook)
• Driving digital: launched/iterating the Al Yusr app and showcased at LEAP/Money20/20 with new partnerships (e.g., Neoleap, Global ITS). (App Store, LinkedIn update)

About the Lead

• Falah Alshammari (role not publicly listed); LinkedIn profile provided. (LinkedIn)
• Owns or supports vendor choices that affect SAMA/NCA control alignment.
• Owns or supports audit readiness evidence for SAMA CSF self‑assessments.
• Owns or supports protection of digital channels (app/APIs) with IT/Risk.

What Keeps Them Up at Night

• Meeting regulator expectations: maintaining SAMA CSF maturity while aligning with NCA ECC. (SAMA Rulebook, NCA ECC Guide)
• Securing fast‑growing mobile/app & API flows against ATO, fraud, and data leakage. (App Store)
• Managing third‑party risk from new fintech/AI partnerships (e.g., Neoleap, Global ITS). (LinkedIn update)

How to Position SHELT

• 24/7 SOC – finance‑grade monitoring and response.
• Reduce MTTD/MTTR and improve visibility mapped to SAMA CSF ops controls.
• XDR + API Security help detect ATO/data exfiltration across endpoints, cloud, and APIs.
• GRC support helps align with SAMA CSF and NCA ECC and keep audit artifacts ready.

Discovery Questions

• What SAMA CSF maturity level are you targeting for 2026, and where are the biggest gaps today?
• How are you monitoring API and mobile events end‑to‑end to catch ATO/fraud without adding friction?
• What’s your cadence/tooling for SAMA/NCA evidence collection and third‑party controls (e.g., Neoleap/Global ITS)?

Ice Breaker: "I saw your Money20/20 Riyadh posts and the Neoleap/Global ITS agreements—how is that shaping your 2026 risk priorities?"