Cyber Security Engineer
Stealth Mode
Posted on 27 Oct
Nationality
Any Nationality
Gender
Not Mentioned
Vacancy
1 Vacancy
Job Description
Roles & Responsibilities
We are seeking technical professionals to execute a comprehensive Risk Assessment Program, including penetration testing and threat management. To ensure success, a vendor with proven experience in managing projects of large organizational size and complexity is required.
Scope & Responsibilities:
Ensure compliance and implement robust processes that align with industry best practices and standards to ensure compliance with regulatory requirements such as SAMA, NCA, SWIFT, and PCI-DSS management capabilities.
Strengthen the bank's risk management processes through systematic identification, analysis, mitigation, and monitoring of risks. This includes onboarding skilled resources with specialized risk assessment and treatment expertise to enhance operational efficiency and effectiveness.
Enhance the bank's vulnerability and penetration testing capabilities by systematically identifying, analyzing, reporting, and tracking the mitigation process in coordination with internal stakeholders. Onboard specialized professionals to manage the vulnerability lifecycle, ensure timely remediation, and conduct consistent monitoring and validation of the process's effectiveness.
Enhance the bank's threat management capabilities by systematically identifying, analyzing, reporting, and tracking the mitigation process in collaboration with internal stakeholders. Onboard specialized professionals to manage the threat lifecycle, ensure timely detection, and perform consistent monitoring and validation of process effectiveness.
Develop a centralized and structured risk register for ongoing monitoring, review, and prioritization. This register will enable effective management and maintenance of risks, vulnerabilities, threats, and asset classifications across all domains.
Establish and document end-to-end workflows for risk assessments, with specific consideration for vulnerabilities, threats, asset classification, tracking, and reporting. Utilize expert resources to define and streamline these workflows and ensure operational consistency and compliance.
Detailed Description.
Comprehensive Risk Assessments
Conduct qualitative and quantitative risk assessments aligned with the bank's established Risk Management Framework, ensuring a comprehensive evaluation of all assets.
Identify risks associated with information/data assets, business processes, applications, and IT infrastructure, emphasizing their criticality to the bank's operations.
Conduct risk assessments for critical infrastructure to safeguard banking assets against evolving threats.
Execute risk assessments for third-party engagements, outsourcing activities, cloud services, vendor evaluations, and new product development. Additionally, evaluate risks related to change requests, ensuring alignment with the bank's security policy, standards, and procedures.
Develop and implement actionable risk treatment plans, offering options such as mitigation, avoidance, risk transfer, or acceptance tailored to address identified risks.
Vulnerability Management and Penetration Testing
Conduct vulnerability assessments to identify and remediate security weaknesses across the bank's network, systems, and applications, ensuring continuous security improvement.
Perform internal and external penetration testing to simulate real-world attack scenarios and evaluate the resilience of systems and applications.
Provide comprehensive reports for vulnerability assessments and penetration tests, including actionable remediation recommendations with risk prioritization.
Collaborate with relevant stakeholders to address and mitigate identified vulnerabilities based on criticality and regulatory requirements.
Ensure all activities comply with regulatory standards such as SAMA, NCA, PCI-DSS, SWIFT, and industry best practices.
Strictly adhere to the bank's information security policies, standards, and applicable frameworks, ensuring alignment with governance requirements.
Actively participate in internal, external, and regulatory audits, providing required documentation and evidence to demonstrate compliance, thus avoiding findings or observations.
Prepare and present regular dashboards, reports, and presentations covering progress, challenges, and mitigations for management on a monthly, quarterly, and half-yearly basis.
Demonstrate substantial documentation and communication skills to effectively engage with internal and external stakeholders, ensuring clarity and alignment.
Establish processes for continuous monitoring and review of remediation effectiveness to maintain the security posture over time.
Qualifications:
Relevant industry certifications such as CISM, CISA, CISSP, CRISC, SABSA, C|EH, GIAC, GPEN, OSCP, CVPA, GWAPT, CompTIA Security+, and CompTIA PenTest+.
7-10 years of experience in risk management and information security, preferably within the banking or financial sector.
Demonstrate proven expertise and experience with ISO 27005, ISO 31000, SAMA CSF, NCA, SWIFT, and PCI-DSS standards.
Proven expertise in implementing risk management processes in banking or financial institutions.
In-depth expertise in vulnerability management and penetration testing methodologies.
Proficiency in tools like Tenable, QualysGuard, Nessus, Burp Suite, or similar platforms.
Strong knowledge of IT infrastructure, including servers, network equipment, and workstations.
Business domain knowledge in banking or fintech sectors.
Strong analytical and technical skills in risk identification and vulnerability assessment.
Knowledge of cybersecurity in cloud environments (preferred).
Company Industry
- IT - Software Services
Department / Functional Area
- System Administration
- Network Administration
- Security (IT Software)
Keywords
- Cyber Security Engineer