Senior Information Security Specialist

The Information Security Lead will serve as a pivotal advisor and technical authority on cybersecurity matters within the bank. This role is responsible for developing, implementing, and maintaining robust cybersecurity strategies, ensuring compliance with national regulations, and safeguarding the bank's information assets against emerging threats. The candidate will collaborate with various departments to integrate security best practices into all aspects of the bank's operations.

This individual will work closely with Program management and other departments to drive process improvements, implement best practices, and contribute to strategic decision-making within the Consumer Banking function.

• Develop and maintain the bank's cybersecurity policies, standards, and procedures in alignment with SAMA's Cyber Security Framework and NCA guidelines.
• Advise senior management on cybersecurity risks, trends, and regulatory requirements.
• Participate in the development of the bank's overall information security strategy.
• Conduct regular risk assessments to identify vulnerabilities and recommend mitigation strategies.
• Ensure compliance with relevant cybersecurity laws, regulations, and standards.
• Coordinate with internal and external auditors during cybersecurity audits.

• Design and implement secure IT architectures for new and existing systems.
• Oversee the deployment and management of security tools and technologies.
• Monitor security systems for potential threats and respond to incidents as necessary.
• Develop and deliver cybersecurity training programs for employees.
• Promote a culture of security awareness throughout the organization.
• Work closely with IT, legal, compliance, and other departments to ensure security considerations are integrated into all projects.
• Serve as the primary point of contact for cybersecurity matters with external partners and regulators.

• Conduct Application specific architecture design review for all Greenfield applications from security point of view and recommend mitigation strategies.
• Ensure design is in accordance with relevant well architected frameworks and cybersecurity laws, regulations, and standards.

• Conduct application specific risk assessment for all Greenfield applications to identify vulnerabilities and recommend mitigation strategies/ compensating controls.
• Ensure compliance with relevant cybersecurity laws, regulations, and standards.

• Participate in KSA DL project specific vendor evaluation from Infosec perspective and provide scoring representing the Infosec team.
• Perform vendor due diligence reviews during KSA DL project specific vendor onboarding in line with Vendor risk management framework.

• Bachelor's or Master's degree in Information Security, Computer Science, Information Technology, or a related field.

• Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent are preferred.

• Minimum of 10 years of experience in information security in banking sector, with at least 5 to 3 years in a KSA banking environment.
• Demonstrated experience in developing and implementing cybersecurity policies and frameworks.

• In-depth knowledge of cybersecurity principles, risk management, and regulatory compliance.
• Strong understanding of SAMA's Cyber Security Framework and NCA guidelines.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively across departments and with external stakeholders.