Cyber & Information Security Specialist📣 إعلان

About the Cyber & Information Security Specialist Role

Riyad Bank is seeking a Cyber & Information Security Specialist to join its team in Riyadh. This full-time position requires 2-5 years of experience in cyber and information security. The role focuses on establishing, managing, and enforcing security controls to protect the bank's IT assets and monitor information security threats.

Core Responsibilities

The Cyber & Information Security Specialist will be responsible for a range of critical security functions. This includes analyzing IT systems and applications for compliance with security policies, identifying and proposing solutions for potential discrepancies, and developing analytical reports for management. The role also involves performing security enforcement reviews of existing and new systems, documenting security enforcement rules across all IT architecture layers, and maintaining up-to-date records of security controls.

Furthermore, the specialist will review applications and infrastructure systems for compliance, enforce security controls to mitigate risks, and provide guidance to project teams on implementing security solutions. A key aspect of the role involves analyzing business and technical issues during operations to identify failures in security controls and proposing revised controls as needed. The position also entails enforcing vulnerability management practices, ensuring coverage and periodic scanning of all systems, and reporting on vulnerability status and KPIs.

Security Enforcement and Monitoring

This role requires the enforcement of security controls for effective Identity and Access Management across all systems and applications. It includes reviewing code security scans to ensure the source code is free from vulnerabilities and enforcing mitigation of discovered security vulnerabilities. The specialist will also review remote access granted to users, ensuring unnecessary access is removed and that granted access does not pose a security risk. Conducting security testing of new business applications, upgrades, and changes is also a core responsibility, ensuring applicable security controls are enforced.

Risk Assessment and Threat Management

A significant part of the role involves performing bank-wide asset risk assessments and monitoring risk across Riyad Bank. The specialist will participate in the identification, tracking, and monitoring of information security threats and service operations. This includes identifying processes, tools, and techniques that can enhance the protection of the Bank from potential breaches and providing guidance in the area of forensics to shield operations against potential threats. Reviewing security control systems and related operational processes to ensure they operate in accordance with security policies is also essential, as is analyzing failed or ineffective security controls to identify impacts and propose corrective actions.

Operational Adherence and Improvement

Adherence to departmental policies, processes, and standard operating procedures is required to ensure work is carried out in a controlled and consistent manner. The role also involves following day-to-day operations related to the job to ensure continuity. Contributions to the identification of opportunities for continuous improvement of processes and practices, considering international best practices, business process improvement, cost reduction, and productivity enhancement, are expected. Compliance with all relevant safety, quality, and environmental management policies, procedures, and controls is also a requirement.

Qualifications and Experience

The ideal candidate will possess 2-5 years of experience in cyber and information security. The role requires a thorough understanding of security policies, standards, and best practices. The ability to analyze complex technical and business requirements and propose effective security solutions is crucial. Experience in performing risk assessments, vulnerability management, and security testing is essential. The candidate should be adept at documenting security controls and procedures and reporting on security compliance and risks.