Title: Executive Manager - Cybersecurity AssuranceLocation: Riyadh, Saudi Arabia
About the ClientOur client is a prominent bank in the region, investing heavily in the maturity of its cybersecurity and technology risk framework. They are seeking an Executive Manager - Cybersecurity Assurance to lead independent security testing and control assurance activities across applications, infrastructure, and cloud environments. This role will play a critical part in validating defensive capabilities, overseeing penetration testing programs, and providing senior leadership with clear assurance on the bank’s cyber resilience.
Key ResponsibilitiesDesign and manage the annual penetration testing and security assurance program across applications, networks, infrastructure, and cloud platforms.Lead internal and third-party testing engagements, ensuring strong governance, quality execution, and adherence to recognised methodologies and standards.Oversee purple team exercises and control assessments to evaluate detection, response, and preventative capabilities against realistic threat scenarios.Review security testing outputs, validate findings, and ensure timely retesting and closure of remediation actions.Partner closely with IT, Cyber Defense, and Engineering teams to track remediation progress, escalate risks, and strengthen security controls.Develop assurance reporting, dashboards, and executive updates for senior management and cybersecurity governance forums.
Key Requirements6+ years’ experience in cybersecurity assurance, security testing, or technology risk roles within financial services or highly regulated environments.Strong hands-on knowledge of penetration testing management, control assurance, and security assessment frameworks.Experience coordinating internal and external testing providers and managing complex remediation programs.Solid understanding of common cyber standards and control frameworks (e.g., regulatory cybersecurity frameworks, industry standards, threat-based testing models).Proven ability to translate technical findings into clear risk-based reporting for senior stakeholders.Excellent stakeholder management skills, with the ability to work effectively across security, technology, and business teams.
