Cybersecurity BCM & Audit Manager📣 Job Ad

About the Role

A client in the financial services sector is seeking an IT, Cybersecurity, and Business Continuity Audit Manager to join their team in Riyadh, Saudi Arabia. This full-time position involves leading risk-based internal audit engagements to provide independent assurance over technology controls, resilience, security posture, and regulatory compliance.

Key Responsibilities

• Lead the planning, execution, and reporting of internal audit engagements focused on IT, cybersecurity, and business continuity.
• Develop and maintain a risk-based annual audit plan covering IT governance, infrastructure, cybersecurity, disaster recovery, and business continuity management (BCM).
• Conduct audits and assessments aligned with regulatory frameworks and standards, including SAMA cybersecurity requirements, NCA controls, and best practices such as ISO 27001, ISO 22301, COBIT, and ITIL.
• Evaluate IT general controls, application controls, third-party IT risks, data governance, and cloud security.
• Assess the adequacy and effectiveness of business continuity and disaster recovery plans, including verifying testing frequency and outcomes.
• Identify control gaps in the design and operating effectiveness of IT and resilience activities.
• Provide independent assurance and advisory support to management on IT projects, system implementations, and cybersecurity programs.
• Ensure the timely issuance of audit reports and manage the follow-up on open issues and corrective actions.
• Supervise, mentor, and develop junior audit staff involved in IT audit and cybersecurity reviews.
• Coordinate with other internal audit managers to ensure integrated audit coverage and alignment with the overall audit strategy.
• Represent Internal Audit in discussions with management, regulators, and external assessors on technology-related audit matters.
• Support leadership in preparing updates for senior management and the Audit Committee.

Qualifications and Experience

• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field; a Master’s degree is preferred.
• A minimum of 6 years of relevant experience, including managerial exposure.
• Possession of a mandatory professional certification such as CISA, or an equivalent like CISSP, CISM, CRISC, ISO 27001 Lead Auditor, or ISO 22301.
• Strong knowledge of financial sector regulatory requirements, particularly those from SAMA and the National Cybersecurity Authority (NCA).

Required Skills and Attributes

• Strong analytical skills, professional skepticism, and high ethical standards.
• Excellent written and verbal communication skills in English; Arabic proficiency is an advantage.
• Experience using data analytics tools (*, ACL, IDEA, Power BI) and Enterprise Risk Management (ERM) systems is considered a plus.
• Preferred experience auditing ERP systems, cloud platforms, and IT infrastructure within a regulated environment.

Work Environment

This is a full-time position based in Riyadh, Saudi Arabia. The role requires close coordination with various internal audit teams and representation of Internal Audit to senior stakeholders.