Tawantech
IT Risk Manager – Cybersecurity and Regulatory Compliance
- Permanent
- Riyadh, Saudi Arabia
- Experience 5 - 10 yrs
Job expiry date: 12/04/2026
Job overview
Date posted
26/02/2026
Location
Riyadh, Saudi Arabia
Salary
SAR 20,000 - 30,000 per month
Compensation
Comprehensive package
Experience
5 - 10 yrs
Seniority
Manager
Qualification
Bachelor's degree
Expiration date
12/04/2026
Job description
The IT Risk Manager is responsible for the identification, assessment, monitoring, and reporting of IT and cyber risks across the bank's technology environment. This role ensures compliance with regulatory standards, including the SAMA Cybersecurity Framework (CSF), the NCA Essential Cybersecurity Controls (ECC), ISO 27001, COBIT, and PCI DSS. The position involves developing and maintaining the IT Risk Management Framework and the IT Risk Register, performing inherent and residual risk analysis, monitoring remediation plans and control effectiveness, managing third-party IT risk assessments, and preparing comprehensive IT risk reports for Senior Management, the Risk Committee, and the Board. The role requires collaboration with internal stakeholders to support internal and regulatory audits while embedding strong IT and cyber risk management practices within the bank.
Required skills
Key responsibilities
- Develop and maintain IT Risk Management Framework and IT Risk Register
- Define and monitor IT Risk Appetite and Key Risk Indicators (KRIs)
- Conduct IT & Cyber risk assessments across applications, infrastructure, cloud, cybersecurity, and third-party vendors
- Perform inherent and residual risk analysis to evaluate exposure
- Ensure compliance with the SAMA Cybersecurity Framework (CSF), the NCA Essential Cybersecurity Controls (ECC), ISO 27001, COBIT, and PCI DSS
- Monitor remediation plans and assess control effectiveness
- Prepare IT Risk reports for Senior Management, Risk Committee, and Board
- Manage third-party IT risk assessments and ongoing monitoring
- Support internal and regulatory audits related to IT and Cyber risk
Experience & skills
- 8+ years of IT / Cyber Risk experience
- Experience in banking or financial services (preferably in KSA)
- Strong regulatory exposure including SAMA CSF and NCA ECC
- Experience managing an IT Risk Register
- Proficiency with GRC tools such as Archer, ServiceNow GRC, MetricStream, or AuditBoard
- Banking IT risk experience
- Regulatory audit exposure
- Strong risk assessment and analysis background
- Professional certification such as CISA, CISM, CRISC, or CISSP