A KSA bank with 80 branches across Riyadh, Jeddah, Dammam, Madinah, Khobar, plus regional centers, faces a specific kind of engineering challenge. Every branch must run core banking 24/7. Every ATM must be available 99.95%+ of the time. Every cybersecurity control must align to SAMA’s Cybersecurity Framework. Every transaction must pass ZATCA compliance for relevant fintech. Every data flow must respect PDPL boundaries. Every audit must produce evidence the examiners actually expect.

EIE has been delivering banking IT in Saudi Arabia for over twenty years — across multi-branch network refreshes, contact-center modernizations, Mitel-to-Cisco-to-Avaya UC transitions, SAMA-aligned penetration testing, GRC programs, ATM connectivity overhauls, and branch-security cybersecurity overlay. Forty-year operational presence in the Kingdom plus banking-specific engineering depth.

What KSA banking IT actually involves

Modern KSA banking IT has multiple layers:

Core banking — typically a centralized core application (Temenos, Finacle, Misys, custom-developed). Branch terminals connect to core via secure WAN. Latency-sensitive; outages cost money.

Multi-branch network — connecting 50-200+ branches to central data centers. Historically MPLS; increasingly SD-WAN with security overlay. Bandwidth: 10-100 Mbps per branch typically.

Contact center — inbound + outbound for customer service, collections, compliance. Mitel MiContact Center Enterprise, Cisco UCCX/UCCE, Avaya Aura Contact Center common platforms. Multi-language Arabic/English/Urdu/Tagalog for diverse customer base.

Cybersecurity — SAMA Cybersecurity Framework alignment is mandatory. Managed SOC, SIEM, NDR, EDR, vulnerability management, incident response. Annual pen testing as SAMA mandate.

ATM connectivity — distributed ATM network. Each ATM is a network endpoint with specific reliability and security requirements. PCI-DSS compliance.

Branch security — physical CCTV, access control, cash-room monitoring, tamper alarms. Fully integrated with cybersecurity overlay.

ZATCA fintech compliance — for digital wallets, payment platforms, and fintech subsidiaries. Phase 2 e-invoicing integration.

Cloud strategy — most KSA banks operate hybrid. Regulated workloads on-premises or in NCA-classified KSA-region cloud. Elastic non-regulated to global cloud.

SAMA Cybersecurity Framework

Every KSA bank’s cybersecurity program is benchmarked against SAMA’s Cybersecurity Framework — a maturity-based assessment across four levels (Initiated, Managed, Defined, Optimized) covering control areas including governance, risk management, threat detection, response, recovery.

EIE’s banking engagements typically include:

Gap-to-maturity mapping per control area
Prioritized roadmap by maturity gain per quarter
Monthly reporting in SAMA-aligned format
Quarterly tabletop exercises with documentation
Audit firm coordination
SAMA examiner liaison support

The depth here matters — auditors look for evidence that controls operate continuously, not just exist on paper.

Multi-branch SD-WAN for KSA banks

The dominant pattern for KSA banking branch networks is SD-WAN with security overlay:

MPLS or fiber for core banking at branches with mission-critical reliability needs
Internet broadband for general traffic; cost-effective
4G/5G backup for branch failover
Application-aware routing prioritizes core banking, ATM, and CCTV traffic
Encryption (IPsec) tunneling site-to-site
SAMA-aligned audit logging built into the architecture
Centralized monitoring via NOC

Vendors: Cisco Catalyst SD-WAN, Fortinet Secure SD-WAN (combined SD-WAN + security), HPE Aruba EdgeConnect, Cato Networks (SASE).

KSA banking-specific concerns

Saudization for branch and contact center — staff training in Arabic + English; KSA national workforce alignment.

Hijri / Gregorian dual calendar — banking systems support both for customer-facing reports.

Prayer-time considerations — branch operational schedules accommodate prayer breaks.

Ramadan operational windows — banks operate modified hours; IT operations factored.

Saudi Customs — hardware imports require structured logistics; project schedules account for 8-12 week lead times for special-order items.

Frequently asked questions

What’s your SAMA Cybersecurity Framework experience? Multiple KSA bank engagements covering gap analysis through ongoing operations. SAMA examiner liaison support included.

Can you handle 80-branch SD-WAN deployment? Yes. Multi-site SD-WAN at this scale is a structured 6-9 month engagement with phased rollout.

What about ATM connectivity? Yes — ATM network design, secure connectivity, PCI-DSS compliance overlay, monitoring.

Do you handle Mitel/Cisco/Avaya migrations for banking contact centers? Yes. Migrations between platforms with dial plan preservation, agent training, gradual cutover. Common pattern: legacy Avaya to Mitel MiContact Center or Cisco UCCE.

What’s your cybersecurity scope for banks? Full scope — managed SOC (KSA-resident), SIEM/SOAR, EDR/XDR, vulnerability management, pen testing (annual SAMA mandate), GRC, DFIR retainer.

Can you coordinate with our existing audit firm? Yes — KPMG, Deloitte, PwC, EY, BDO, Crowe, plus regional firms. Pre-audit readiness, evidence preparation, post-audit remediation.