Overview
Information Security Risk & Assurance Jobs in Riyadh, Saudi Arabia at The Saudi National Bank – SNB
Title: Information Security Risk & Assurance
Company: The Saudi National Bank – SNB
Location: Riyadh, Saudi Arabia
Support SNB’s Information Security Risk and Assurance programs by identifying and addressing security weaknesses, gaps, vulnerabilities and failures through the effective execution of the department initiatives.
Job Responsibilities:
- Implement approved Information Security Risk IAM governance and compliance policies, processes, procedures and instructions to subordinates and monitor their adherence so that work is carried out in a controlled manner.
- Adhere to the Bank’s AML/CTF policy, guidelines and all SAMA’s regulations relating to account opening, KYC and Customer Due Diligence.
- Adhere to the Bank’s Cyber Security policies, and all SAMA regulations. Ensure to support SNB to comply with internal, national, and international Cyber Security controls and regulations.
- Support the execution of comprehensive attack simulations to validate the effectiveness of SNB’s detection and response capabilities.
- Assess the strength of security controls and incident response processes against real-world attack scenarios.
- Support purple teaming by ensuring active collaboration between red and blue teams to enhance overall security posture and threat detection.
- Conduct compromise assessments to identify indicators of past or ongoing breaches and ensure timely containment and remediation.
- Support the vulnerability management program, including identification, risk analysis, prioritization, and tracking of vulnerabilities across the environment.
- Coordinate regular penetration testing of applications, networks, and infrastructure to uncover and validate security weaknesses.
- Support the implementation and results of SAST and DAST tools to ensure secure software development practices and identify code-level vulnerabilities.
- Review configuration across systems, applications, and network devices, ensuring compliance with internal baselines and industry best practices.
Job Requirements:
- Saudi
- Bachelor's degree in CS, IT, IS or any related field; or an acceptable educational level accompanied by a strong banking experience.
- Minimum of 3 years of experience in the Information Security Management or a related field
- Strong understanding of enterprise security architecture and layered defense principles.
- Deep knowledge of MITRE ATT&CK and threat actor TTPs.
- Deep understanding of secure development lifecycle (SDLC) integration.
- Skilled in threat modeling and risk-based security assessments.
Job Location:
Riyadh
