Job description

IT Risk Management role responsible for identifying, assessing, monitoring, and reporting IT and Cyber risks to ensure regulatory compliance and protect the bank’s technology environment in alignment with enterprise risk management within a banking or financial services context in Saudi Arabia. The position develops and maintains the IT Risk Management Framework and IT Risk Register, defines and monitors IT Risk Appetite and Key Risk Indicators (KRIs), and conducts comprehensive IT and Cyber risk assessments across applications, infrastructure, cloud environments, cybersecurity controls, and third-party technology providers. The role performs inherent risk and residual risk analysis to evaluate exposure levels and control effectiveness, while ensuring compliance with key regulatory and international frameworks including the Saudi Central Bank Cybersecurity Framework (SAMA CSF), National Cybersecurity Authority Essential Cybersecurity Controls (NCA ECC), International Organization for Standardization ISO 27001, ISACA COBIT, and PCI Security Standards Council PCI-DSS. Responsibilities include monitoring remediation plans and evaluating control effectiveness across the bank’s IT environment, preparing IT Risk reports and risk dashboards for Senior Management, Risk Committee, and Board-level oversight, managing third-party IT risk assessments, and supporting internal audits and regulatory audits. The role requires experience managing an IT Risk Register and leveraging Governance, Risk, and Compliance (GRC) platforms including RSA Archer, ServiceNow GRC, MetricStream, and AuditBoard to track risks, controls, and remediation activities. Candidates are expected to possess strong IT and Cyber Risk assessment capabilities and hold or pursue professional certifications such as CISA, CISM, CRISC, or CISSP, with strong exposure to regulatory frameworks used within the banking sector in Saudi Arabia.