Information Security Risk & Assurance
Riyadh, Riyadh Province, Saudi Arabia · Full Time
This job is no longer accepting applications. The application deadline has passed.
- Experience: 3+ yrs
- Salary: —
- Openings: 1
- Posted: 1 week ago
- Work mode: In office
- Education: Bachelor's degree
- Eligibility: Saudi nationals with a bachelor’s degree in CS, IT, IS, or a related field; alternatively, candidates with comparable education and strong banking experience may be considered.
- Resume: Required to apply
Job description
Role summary
The Information Security Risk & Assurance role supports SNB’s security risk and assurance efforts by finding, assessing, and helping close gaps, weaknesses, vulnerabilities, and control failures through the department’s initiatives.
Key responsibilities
- Apply approved policies, procedures, governance requirements, and compliance instructions related to information security risk and IAM, and make sure team members follow them so work stays controlled and consistent.
- Follow the Bank’s AML/CTF policy, related guidance, and all SAMA rules covering account opening, KYC, and customer due diligence.
- Observe the Bank’s cyber security policies and all SAMA cyber security regulations, and help SNB stay aligned with internal, local, and international security controls and requirements.
- Assist in running detailed attack simulations to test how well SNB can detect and respond to threats.
- Evaluate the effectiveness of security controls and incident response procedures against realistic attack conditions.
- Contribute to purple team activities by supporting close cooperation between red and blue teams to strengthen threat detection and the overall security stance.
- Carry out compromise assessments to spot evidence of previous or active breaches and support quick containment and remediation.
- Help manage the vulnerability program by identifying issues, assessing risk, prioritizing findings, and tracking remediation across the environment.
- Arrange routine penetration testing for applications, networks, and infrastructure to uncover and confirm security weaknesses.
- Support the use and outcomes of SAST and DAST tools to promote secure development and detect code-related vulnerabilities.
- Examine configurations across systems, applications, and network devices to confirm they match internal standards and recognized best practices.
Requirements
- Saudi nationality is required.
- A bachelor’s degree in Computer Science, Information Technology, Information Systems, or a closely related discipline is preferred; candidates with a suitable academic background plus strong banking experience may also be considered.
- At least 3 years of experience in information security management or a related area.
- Solid understanding of enterprise security architecture and layered defense concepts.
- Strong knowledge of MITRE ATT&CK and threat actor tactics, techniques, and procedures (TTPs).
- Good grasp of secure development lifecycle (SDLC) integration.
- Ability to perform threat modeling and risk-focused security assessments.
Location
Riyadh, Saudi Arabia.
Additional information
This is a full-time, onsite position. No stipend or salary amount was stated in the source, and no number of openings, start date, or application deadline was provided.