Support SNB’s Information Security Risk and Assurance programs by identifying and addressing security weaknesses, gaps, vulnerabilities and failures through the effective execution of the department's initiatives.
Job Responsibilities:
- Implement approved Information Security Risk IAM governance and compliance policies, processes, procedures and instructions to subordinates and monitor their adherence so that work is carried out in a controlled manner.
- Adhere to the Bank’s AML/CTF policy, guidelines and all SAMA’s regulations relating to account opening, KYC and Customer Due Diligence.
- Adhere to the Bank’s Cyber Security policies and all SAMA regulations. Support SNB in complying with internal, national, and international Cyber Security controls and regulations.
- Support the execution of comprehensive attack simulations to validate the effectiveness of SNB’s detection and response capabilities.
- Assess the strength of security controls and incident response processes against real-world attack scenarios.
- Support purple teaming by ensuring active collaboration between red and blue teams to enhance overall security posture and threat detection.
- Conduct compromise assessments to identify indicators of past or ongoing breaches and ensure timely containment and remediation.
- Support the vulnerability management program, including identification, risk analysis, prioritization, and tracking of vulnerabilities across the environment.
- Coordinate regular penetration testing of applications, networks, and infrastructure to uncover and validate security weaknesses.
- Support the implementation and results of SAST and DAST tools to ensure secure software development practices and identify code-level vulnerabilities.
- Review configuration across systems, applications, and network devices, ensuring compliance with internal baselines and industry best practices.
Job Requirements:
- Saudi
- Bachelor's degree in CS, IT, IS or any related field; or an acceptable educational level accompanied by strong banking experience.
- Minimum of 3 years of experience in Information Security Management or a related field.
- Strong understanding of enterprise security architecture and layered defense principles.
- Deep knowledge of MITRE ATT&CK and threat actor TTPs.
- Deep understanding of secure development lifecycle (SDLC) integration.
- Skilled in threat modeling and risk-based security assessments.
Job Location:
Riyadh