Contract Type: Full-time
Workplace type: On-site
Location: Riyadh

Job Description

About the Role

The Saudi National Bank (SNB) is seeking an Information Security Risk & Assurance professional to join its team in Riyadh, Saudi Arabia. This role is integral to supporting SNB's Information Security Risk and Assurance programs by identifying and addressing security weaknesses, gaps, vulnerabilities, and failures through the execution of departmental initiatives. The position contributes to maintaining the bank's robust security posture and ensuring compliance with regulatory standards.

Key Responsibilities

  • Implement approved Information Security Risk IAM governance and compliance policies, processes, procedures, and instructions, monitoring adherence to ensure controlled work execution.
  • Adhere to the Bank's AML/CTF policy, guidelines, and all SAMA regulations pertaining to account opening, KYC, and Customer Due Diligence.
  • Comply with the Bank's Cyber Security policies and all SAMA regulations, supporting SNB's compliance with internal, national, and international Cyber Security controls and regulations.
  • Support the execution of attack simulations to validate the effectiveness of SNB's detection and response capabilities.
  • Assess the strength of security controls and incident response processes against real-world attack scenarios.
  • Support purple teaming efforts by ensuring active collaboration between red and blue teams to enhance the overall security posture and threat detection.
  • Conduct compromise assessments to identify indicators of past or ongoing breaches and ensure timely containment and remediation.
  • Support the vulnerability management program, including the identification, risk analysis, prioritization, and tracking of vulnerabilities across the environment.
  • Coordinate regular penetration testing of applications, networks, and infrastructure to uncover and validate security weaknesses.
  • Support the implementation and results of SAST and DAST tools to ensure secure software development practices and identify code-level vulnerabilities.
  • Review configurations across systems, applications, and network devices, ensuring compliance with internal baselines and industry best practices.

Qualifications and Requirements

  • Must be a Saudi national.
  • Hold a Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field; or an acceptable educational level accompanied by strong banking experience.
  • Possess a minimum of 3 years of experience in Information Security Management or a related field.
  • Demonstrate a strong understanding of enterprise security architecture and layered defense principles.
  • Exhibit deep knowledge of MITRE ATT&CK and threat actor TTPs.
  • Show a deep understanding of secure development lifecycle (SDLC) integration.
  • Be skilled in threat modeling and risk-based security assessments.

Required Skills

  • Information Security Risk IAM governance
  • AML/CTF policy adherence
  • SAMA regulations compliance
  • Cyber Security policies implementation
  • Attack simulations and validation
  • Detection and response capabilities enhancement
  • Security controls assessment
  • Incident response processes evaluation
  • Purple teaming collaboration
  • Threat detection improvement
  • Compromise assessments and remediation
  • Vulnerability management lifecycle
  • Penetration testing coordination
  • SAST and DAST tool support
  • Secure software development practices
  • Enterprise security architecture principles
  • Layered defense strategies
  • MITRE ATT&CK framework knowledge
  • Threat actor Tactics, Techniques, and Procedures (TTPs) understanding
  • Secure Development Lifecycle (SDLC) integration
  • Threat modeling expertise
  • Risk-based security assessments

Work Environment and Location

This is a full-time position based in Riyadh, Saudi Arabia. The role requires 2-5 years of experience in a relevant field.


Requirements

  • Requires 2-5 years of experience
