IT Risk Management

Role Purpose

Responsible for identifying, assessing, monitoring, and reporting IT and Cyber risks to ensure regulatory compliance and protect the bank’s technology environment in alignment with enterprise risk management.

• Develop and maintain IT Risk Management Framework and IT Risk Register
• Define and monitor IT Risk Appetite and KRIs
• Conduct IT & Cyber risk assessments across applications, infrastructure, cloud, cybersecurity, and third parties
• Perform inherent and residual risk analysis
• Ensure compliance with:
  • Saudi Central Bank Cybersecurity Framework (CSF)
  • National Cybersecurity Authority Essential Cybersecurity Controls (ECC)
  • International Organization for Standardization ISO 27001
  • ISACA COBIT
  • PCI Security Standards Council PCI-DSS
• Monitor remediation plans and control effectiveness
• Prepare IT Risk reports for Senior Management, Risk Committee, and Board
• Manage third-party IT risk assessments
• Support internal and regulatory audits

• 8+ years IT / Cyber Risk experience

• Banking or financial services experience (KSA preferred)
• Strong regulatory exposure (SAMA CSF / NCA ECC)
• Experience managing IT Risk Register
• Experience with GRC tools (Archer, Service Now GRC, Metric Stream, Audit Board)
• Certifications preferred: CISA, CISM, CRISC, CISSP

• Banking IT risk experience
• Regulatory audit exposure
• Strong risk assessment background
• Professional certification (CISA/CISM/CRISC/CISSP)