Information Security Risk & Assurance Specialist

About the role

We are looking for an Information Security Risk & Assurance Specialist to support SNB’s security programs. The role focuses on identifying and mitigating security weaknesses, ensuring compliance with regulatory and internal policies, and enhancing the bank’s overall security posture.

Key responsibilities

• Implement and monitor IAM governance and compliance policies.
• Support AML/CTF, KYC, and Customer Due Diligence processes in line with SAMA regulations.
• Execute comprehensive attack simulations, purple‑team activities, and compromise assessments.
• Assess security controls and incident response against real‑world threat scenarios.
• Coordinate regular penetration testing, vulnerability management, and remediation tracking.
• Oversee SAST and DAST tooling to embed secure development practices.
• Review system, application, and network configurations for baseline compliance.

Required profile

• Saudi bachelor’s degree in Computer Science, IT, IS or related field (or equivalent experience with strong banking background).
• Minimum 3 years of experience in information security management or a related discipline.
• Deep understanding of enterprise security architecture, layered defense, and secure development lifecycle.

Required skills

• MITRE ATT&CK framework
• Threat modeling and risk‑based security assessments
• SAST and DAST tools
• Penetration testing
• Vulnerability management
• Purple teaming
• Attack simulations
• Compromise assessments
• Configuration review
• IAM governance