Information Security Risk & Assurance

Role summary

The Information Security Risk & Assurance role supports SNB’s security risk and assurance efforts by finding, assessing, and helping close gaps, weaknesses, vulnerabilities, and control failures through the department’s initiatives.

Key responsibilities

• Apply approved policies, procedures, governance requirements, and compliance instructions related to information security risk and IAM, and make sure team members follow them so work stays controlled and consistent.
• Follow the Bank’s AML/CTF policy, related guidance, and all SAMA rules covering account opening, KYC, and customer due diligence.
• Observe the Bank’s cyber security policies and all SAMA cyber security regulations, and help SNB stay aligned with internal, local, and international security controls and requirements.
• Assist in running detailed attack simulations to test how well SNB can detect and respond to threats.
• Evaluate the effectiveness of security controls and incident response procedures against realistic attack conditions.
• Contribute to purple team activities by supporting close cooperation between red and blue teams to strengthen threat detection and the overall security stance.
• Carry out compromise assessments to spot evidence of previous or active breaches and support quick containment and remediation.
• Help manage the vulnerability program by identifying issues, assessing risk, prioritizing findings, and tracking remediation across the environment.
• Arrange routine penetration testing for applications, networks, and infrastructure to uncover and confirm security weaknesses.
• Support the use and outcomes of SAST and DAST tools to promote secure development and detect code-related vulnerabilities.
• Examine configurations across systems, applications, and network devices to confirm they match internal standards and recognized best practices.

Requirements

• Saudi nationality is required.
• A bachelor’s degree in Computer Science, Information Technology, Information Systems, or a closely related discipline is preferred; candidates with a suitable academic background plus strong banking experience may also be considered.
• At least 3 years of experience in information security management or a related area.
• Solid understanding of enterprise security architecture and layered defense concepts.
• Strong knowledge of MITRE ATT&CK and threat actor tactics, techniques, and procedures (TTPs).
• Good grasp of secure development lifecycle (SDLC) integration.
• Ability to perform threat modeling and risk-focused security assessments.

Location

Riyadh, Saudi Arabia.

Additional information

This is a full-time, onsite position. No stipend or salary amount was stated in the source, and no number of openings, start date, or application deadline was provided.