Cybersecurity Assessment & Penetration Testing Manager

Riyadh, Saudi Arabia. Posted: 07 Aug 2025

Financial

  • Estimate: $80k - $100k*
  • Zero income tax location

Accessibility

  • Office Only
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Intermediate
  • English: Professional

Position

The Cybersecurity Assessment & Penetration Testing Manager will support the enterprise-wide cybersecurity risk management program implementations and ensure robust security across all digital products and services in line with the SAMA Cybersecurity Framework (CSF) and NCA requirements. This position is responsible for conducting threat modeling, developing and maintaining risk assessment methodologies under the risk management team, and identifying and assessing cybersecurity risks affecting the organization’s critical systems.

Key responsibilities include managing annual risk assessments, advising IT and business units on risk mitigation, updating security review documentation, conducting detailed risk assessments and threat modeling for IT projects, facilitating cross-team coordination, and performing application penetration testing. The role also involves automating application security scanning tools to ensure vulnerabilities are identified and mitigated before production.

Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time
Working Hours: 8:00 AM to 5:00 PM (Sunday to Thursday)

Qualifications and Experience:

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, or a related discipline.
  • Minimum of 3 years of professional experience in cybersecurity risk management and penetration testing roles, governance, IT audit, or a related field, preferably in the financial or banking sector.
  • Strong experience with application security testing tools, including static (SAST), dynamic (DAST), mobile (MAST), interactive (IAST), and software composition analysis (SCA).
  • Hands-on experience in secure SDLC integrations.
  • In-depth knowledge of OWASP Top 10, SANS CWE, and threat modeling.
  • Experience in roles involving compliance with SAMA CSF and NCA ECC.

Language Requirements: Not specified.
